X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=492ab0fbafa8ad88f45912c0a33c636d1dbb3ba2;hb=06acf73a99f0e3908fe8998f1ff08dee109c5562;hp=53b4242ef0be61043f4ec3325189af0974f5b17e;hpb=739faf3400e7f2f1b2bf06bd1ccf9da042c78f5b;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 53b4242ef..492ab0fba 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -1,10 +1,8 @@
 package org.argeo.cms.auth;
 
 import java.io.IOException;
-import java.util.Iterator;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -14,36 +12,43 @@ import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.CredentialNotFoundException;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
 
 import org.argeo.ArgeoException;
-import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.eclipse.ui.specific.UiContext;
 import org.osgi.framework.BundleContext;
-import org.osgi.service.http.HttpContext;
+import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
 public class UserAdminLoginModule implements LoginModule, AuthConstants {
-	private Subject subject;
+	// private final static Log log =
+	// LogFactory.getLog(UserAdminLoginModule.class);
+	//
+	// private Subject subject;
 	private CallbackHandler callbackHandler;
+	private Map<String, Object> sharedState = null;
+
 	private boolean isAnonymous = false;
 
-	private HttpServletRequest request = null;
+	// private HttpServletRequest request = null;
+	private BundleContext bc;
 
+	@SuppressWarnings("unchecked")
 	@Override
-	public void initialize(Subject subject, CallbackHandler callbackHandler,
-			Map<String, ?> sharedState, Map<String, ?> options) {
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+			Map<String, ?> options) {
 		try {
-			this.subject = subject;
+			bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext();
+			assert bc != null;
+			// this.subject = subject;
 			this.callbackHandler = callbackHandler;
+			this.sharedState = (Map<String, Object>) sharedState;
 			if (options.containsKey("anonymous"))
-				isAnonymous = Boolean.parseBoolean(options.get("anonymous")
-						.toString());
+				isAnonymous = Boolean.parseBoolean(options.get("anonymous").toString());
 		} catch (Exception e) {
 			throw new ArgeoException("Cannot initialize login module", e);
 		}
@@ -51,39 +56,29 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 
 	@Override
 	public boolean login() throws LoginException {
-		BundleContext bc = Activator.getBundleContext();
-		UserAdmin userAdmin = bc.getService(bc
-				.getServiceReference(UserAdmin.class));
+		UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
 		Authorization authorization = null;
 		if (isAnonymous) {
 			authorization = userAdmin.getAuthorization(null);
 		} else {
-			HttpRequestCallback httpCallback = new HttpRequestCallback();
+			// HttpRequestCallback httpCallback = new HttpRequestCallback();
 			// ask for username and password
 			NameCallback nameCallback = new NameCallback("User");
-			PasswordCallback passwordCallback = new PasswordCallback(
-					"Password", false);
+			PasswordCallback passwordCallback = new PasswordCallback("Password", false);
 			LanguageCallback langCallback = new LanguageCallback();
 			try {
-				callbackHandler.handle(new Callback[] { httpCallback,
-						nameCallback, passwordCallback, langCallback });
+				callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback });
 			} catch (IOException e) {
-				throw new LoginException("Cannot handle http callback: "
-						+ e.getMessage());
+				throw new LoginException("Cannot handle callback: " + e.getMessage());
 			} catch (ThreadDeath e) {
-				throw new ThreadDeathLoginException(
-						"Callbackhandler thread died", e);
+				throw new ThreadDeathLoginException("Callbackhandler thread died", e);
 			} catch (UnsupportedCallbackException e) {
 				return false;
 			}
-			request = httpCallback.getRequest();
-			if (request != null) {
-				authorization = (Authorization) request
-						.getAttribute(HttpContext.AUTHORIZATION);
-				if (authorization == null)
-					authorization = (Authorization) request.getSession()
-							.getAttribute(HttpContext.AUTHORIZATION);
-			}
+
+			// check http
+			// request = httpCallback.getRequest();
+			// authorization = checkHttp();
 
 			// i18n
 			Locale locale = langCallback.getLocale();
@@ -91,77 +86,147 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 				locale = Locale.getDefault();
 			UiContext.setLocale(locale);
 
+			authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);
+
 			if (authorization == null) {
 				// create credentials
 				final String username = nameCallback.getName();
 				if (username == null || username.trim().equals("")) {
 					// authorization = userAdmin.getAuthorization(null);
-					throw new CredentialNotFoundException(
-							"No credentials provided");
+					throw new CredentialNotFoundException("No credentials provided");
 				} else {
 					char[] password = {};
 					if (passwordCallback.getPassword() != null)
 						password = passwordCallback.getPassword();
 					else
-						throw new CredentialNotFoundException(
-								"No credentials provided");
+						throw new CredentialNotFoundException("No credentials provided");
 
 					User user = userAdmin.getUser(null, username);
 					if (user == null)
-						return false;
+						throw new FailedLoginException("Invalid credentials");
 					if (!user.hasCredential(null, password))
-						return false;
+						throw new FailedLoginException("Invalid credentials");
+					// return false;
+
+					// Log and monitor new login
+					// if (log.isDebugEnabled())
+					// log.debug("Logged in to CMS with username [" + username +
+					// "]");
+
 					authorization = userAdmin.getAuthorization(user);
 				}
 			}
-			// } else {
-			// authorization = userAdmin.getAuthorization(null);
-			// }
 		}
-		subject.getPrivateCredentials().add(authorization);
+		if (!sharedState.containsKey(SHARED_STATE_AUTHORIZATION))
+			sharedState.put(SHARED_STATE_AUTHORIZATION, authorization);
+		// subject.getPrivateCredentials().add(authorization);
 		return true;
 	}
 
+	// private Authorization checkHttp() {
+	// Authorization authorization = null;
+	// if (request != null) {
+	// authorization = (Authorization)
+	// request.getAttribute(HttpContext.AUTHORIZATION);
+	// if (authorization == null) {
+	// String sessionId = request.getSession().getId();
+	// authorization = (Authorization)
+	// request.getSession().getAttribute(HttpContext.AUTHORIZATION);
+	// if (authorization == null) {
+	// Collection<ServiceReference<CmsSession>> sr;
+	// try {
+	// sr = bc.getServiceReferences(CmsSession.class,
+	// "(" + CmsSession.CMS_SESSION_ID + "=" + sessionId + ")");
+	// } catch (InvalidSyntaxException e) {
+	// throw new CmsException("Cannot get CMS session for id " + sessionId, e);
+	// }
+	// if (sr.size() == 1) {
+	// CmsSession cmsSession = bc.getService(sr.iterator().next());
+	// authorization = cmsSession.getAuthorization();
+	// if (log.isTraceEnabled())
+	// log.trace("Retrieved authorization from " + cmsSession);
+	// }
+	// }
+	// }
+	// }
+	// return authorization;
+	// }
+
 	@Override
 	public boolean commit() throws LoginException {
-		Authorization authorization = subject
-				.getPrivateCredentials(Authorization.class).iterator().next();
-		if (request != null) {
-			request.setAttribute(HttpContext.REMOTE_USER,
-					authorization.getName());
-			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
-			request.getSession().setAttribute(HttpContext.AUTHORIZATION,
-					authorization);
-			subject.getPrivateCredentials().add(request.getSession());
-		}
+		// Authorization authorization =
+		// subject.getPrivateCredentials(Authorization.class).iterator().next();
+		// if (request != null && authorization.getName() != null) {
+		// request.setAttribute(HttpContext.REMOTE_USER,
+		// authorization.getName());
+		// request.setAttribute(HttpContext.AUTHORIZATION, authorization);
+		//
+		// HttpSession httpSession = request.getSession();
+		// if (httpSession.getAttribute(HttpContext.AUTHORIZATION) == null) {
+		//
+		// String sessionId = request.getSession().getId();
+		// Collection<ServiceReference<CmsSession>> sr;
+		// try {
+		// sr = bc.getServiceReferences(CmsSession.class,
+		// "(" + CmsSession.CMS_SESSION_ID + "=" + sessionId + ")");
+		// } catch (InvalidSyntaxException e) {
+		// throw new CmsException("Cannot get CMS session for id " + sessionId,
+		// e);
+		// }
+		// CmsSession cmsSession;
+		// if (sr.size() == 1) {
+		// cmsSession = bc.getService(sr.iterator().next());
+		// } else if (sr.size() == 0) {
+		// Hashtable<String, String> props = new Hashtable<>();
+		// props.put(CmsSession.CMS_DN, authorization.getName());
+		// props.put(CmsSession.CMS_SESSION_ID, sessionId);
+		// cmsSession = new CmsSessionImpl(sessionId, authorization);
+		// bc.registerService(CmsSession.class, cmsSession, props);
+		// if (log.isDebugEnabled())
+		// log.debug("Initialized " + cmsSession + " for " +
+		// authorization.getName());
+		// } else
+		// throw new CmsException(sr.size() + " CMS sessions registered for " +
+		// sessionId);
+		// cmsSession.addHttpSession(request);
+		// if (log.isTraceEnabled())
+		// log.trace("Added " + request.getServletPath() + " to " + cmsSession +
+		// " (" + request.getRequestURI()
+		// + ")");
+		// httpSession.setAttribute(HttpContext.AUTHORIZATION, authorization);
+		// }
+		// subject.getPrivateCredentials().add(request.getSession());
+		// }
 		return true;
 	}
 
 	@Override
 	public boolean abort() throws LoginException {
-		cleanUp();
+		// cleanUp();
 		return true;
 	}
 
 	@Override
 	public boolean logout() throws LoginException {
-		Set<HttpSession> httpSession = subject
-				.getPrivateCredentials(HttpSession.class);
-		Iterator<HttpSession> it = httpSession.iterator();
-		while (it.hasNext()) {
-			HttpSession sess = it.next();
-			sess.setAttribute(HttpContext.AUTHORIZATION, null);
-			// sess.setMaxInactiveInterval(1);// invalidate session
-		}
-		subject.getPrivateCredentials().removeAll(httpSession);
-		cleanUp();
+		// Set<HttpSession> httpSession =
+		// subject.getPrivateCredentials(HttpSession.class);
+		// Iterator<HttpSession> it = httpSession.iterator();
+		// while (it.hasNext()) {
+		// HttpSession sess = it.next();
+		// sess.setAttribute(HttpContext.AUTHORIZATION, null);
+		// // sess.setMaxInactiveInterval(1);// invalidate session
+		//
+		// // TODO log out CMS session
+		// }
+		// subject.getPrivateCredentials().removeAll(httpSession);
+		//
+		// cleanUp();
 		return true;
 	}
 
-	private void cleanUp() {
-		subject.getPrivateCredentials().removeAll(
-				subject.getPrivateCredentials(Authorization.class));
-		subject = null;
-	}
+	// private void cleanUp() {
+	// subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(Authorization.class));
+	// subject = null;
+	// }
 
 }