X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=0e5984532099720cbc627f0be865bb13898a259a;hb=2f1c0a952d1bbaafc243da2d5d4caa235f628777;hp=2222faeccf35620734bfebf9d1a4cd6a15fcc020;hpb=a7a5f4db586128a9bb2c171ee819eb3eb19f80aa;p=lgpl%2Fargeo-commons.git
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index 2222faecc..0e5984532 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -10,19 +10,25 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
+	private final static Log log = LogFactory.getLog(SpringLoginModule.class);
+
 	private AuthenticationManager authenticationManager;
 	private CallbackHandler callbackHandler;
+	private Subject subject;
+
 	public SpringLoginModule() {
 	}
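Review bot: The new logger field is declared `private final static Log log = ...`, which is a non-conventional modifier order; the customary form is `private static final Log log = LogFactory.getLog(SpringLoginModule.class);`. The new `private Subject subject;` field carries no comment explaining why the module keeps its own reference to the Subject handed to `initialize()`; since later hunks clear its principals and credentials from `login()` and `logout()`, a one-line comment such as `// Subject passed to initialize(); its principals/credentials are reset in login() and logout()` would spare the next maintainer a search. The class body continues past this hunk.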
@@ -31,25 +37,32 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 	public void initialize(Subject subject, CallbackHandler callbackHandler,
 			Map sharedState, Map options) {
 		super.initialize(subject, callbackHandler, sharedState, options);
-		// this.subject.set(subject);
 		this.callbackHandler = callbackHandler;
+		this.subject = subject;
 	}
 	public boolean login() throws LoginException {
+		// try to retrieve Authentication from Subject
+		// Set auths =
+		// subject.getPrincipals(Authentication.class);
+		// if (auths.size() > 0)
+		// SecurityContextHolder.getContext().setAuthentication(
+		// auths.iterator().next());
+
 		// thread already logged in
 		if (SecurityContextHolder.getContext().getAuthentication() != null)
 			return super.login();
-		// if (getSubject().getPrincipals(Authentication.class).size() == 1) {
-		// registerAuthentication(getSubject()
-		// .getPrincipals(Authentication.class).iterator().next());
-		// return super.login();
-		// } else if (getSubject().getPrincipals(Authentication.class).size() >
-		// 1) {
-		// throw new LoginException(
-		// "Multiple Authentication principals not supported: "
-		// + getSubject().getPrincipals(Authentication.class));
-		// } else {
+		// reset all principals and credentials
+		if (log.isTraceEnabled())
+			log.trace("Resetting all principals and credentials of " + subject);
+		if (subject.getPrincipals() != null)
+			subject.getPrincipals().clear();
+		if (subject.getPrivateCredentials() != null)
+			subject.getPrivateCredentials().clear();
+		if (subject.getPublicCredentials() != null)
+			subject.getPublicCredentials().clear();
+
 		// ask for username and password
 		Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
 				"Required login");
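Review bot: The new reset block in `login()` clears every principal and credential on the shared Subject before the user's credentials have been checked, so a failed or abandoned login leaves the Subject emptied, and in a stacked JAAS configuration it also discards principals installed by other modules; the two-phase contract expects Subject mutation in `commit()` and `logout()`, with `login()` only gathering and verifying credentials. The null guards around `subject.getPrincipals()`, `getPrivateCredentials()` and `getPublicCredentials()` are dead, since those accessors return a non-null set, while the real failure mode — a read-only Subject, on which `clear()` throws an unchecked `IllegalStateException` — escapes `login()` unwrapped instead of surfacing as a `LoginException` (the same applies to the `clear()` added to `logout()` in a later hunk). The trace line `log.trace("Resetting all principals and credentials of " + subject)` writes `Subject.toString()`, which renders principal and public-credential contents (and private ones where the JVM permits) into the log; logging a count instead, e.g. `log.trace("Resetting " + subject.getPrincipals().size() + " principal(s) and all credentials of subject");`, keeps credential material out of log files. `login()` continues past this hunk.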
@@ -57,6 +70,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 		PasswordCallback passwordCallback = new PasswordCallback("Password",
 				false);
+		// NameCallback urlCallback = new NameCallback("Site URL");
+
 		if (callbackHandler == null) {
 			throw new LoginException("No call back handler available");
 			// return false;
@@ -65,9 +80,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			callbackHandler.handle(new Callback[] { label, nameCallback,
 					passwordCallback });
 		} catch (Exception e) {
-			LoginException le = new LoginException("Callback handling failed");
-			le.initCause(e);
-			throw le;
+			throw new RuntimeException("Unexpected exception when handling", e);
 		}
 		// Set user name and password
@@ -76,16 +89,19 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 		if (passwordCallback.getPassword() != null) {
 			password = String.valueOf(passwordCallback.getPassword());
 		}
-		UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
-				username, password);
+
+		// String url = urlCallback.getName();
+		// TODO: set it via system properties
+		String workspace = null;
+
+		SiteAuthenticationToken credentials = new SiteAuthenticationToken(
+				username, password, null, workspace);
 		try {
 			Authentication authentication = authenticationManager
 					.authenticate(credentials);
 			registerAuthentication(authentication);
 			boolean res = super.login();
-			// if (log.isDebugEnabled())
-			// log.debug("User " + username + " logged in");
 			return res;
 		} catch (BadCredentialsException bce) {
 			throw bce;
@@ -95,11 +111,11 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			loginException.initCause(e);
 			throw loginException;
 		}
-		// }
 	}
 	@Override
 	public boolean logout() throws LoginException {
+		subject.getPrincipals().clear();
 		return super.logout();
 	}
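Review bot: In the `catch (Exception e)` around `callbackHandler.handle(...)`, the new `throw new RuntimeException("Unexpected exception when handling", e)` turns an ordinary login failure into an unchecked error: `handle()` declares `IOException` and `UnsupportedCallbackException`, which are the normal ways a handler reports that it cannot supply a name or password, and `LoginModule.login()` is contracted to report failures as `LoginException`. Code that catches `LoginException` around `LoginContext.login()` will no longer see this case, and the message is also truncated ("when handling" what?). Keep the checked type with the cause attached, e.g. `LoginException le = new LoginException("Callback handling failed: " + e); le.initCause(e); throw le;`. The enclosing `login()` method starts and ends outside this hunk.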
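Review bot: Once `password` has been copied out of `passwordCallback.getPassword()` and the new `SiteAuthenticationToken credentials = new SiteAuthenticationToken(username, password, null, workspace)` has been built, the same secret still sits in the callback's `char[]` for as long as the callback object lives; a `passwordCallback.clearPassword();` placed before the `try` limits that exposure. The token is also constructed with a literal `null` third argument and a `workspace` that the `TODO` leaves at `null`; whether the authentication provider tolerates both is not visible here, so a short comment at the call site naming the intended values would help. `login()` continues past this hunk.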
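Review bot: The `subject.getPrincipals().clear();` added to `logout()` removes principals but leaves `getPrivateCredentials()` and `getPublicCredentials()` untouched, which is inconsistent with the reset performed in `login()` earlier in this change and lets credentials attached during authentication outlive the session on the Subject; add `subject.getPrivateCredentials().clear(); subject.getPublicCredentials().clear();` alongside it. Unlike the `login()` block, this `clear()` has no guard, so a read-only Subject raises an unchecked `IllegalStateException` rather than a `LoginException`. Whether `super.logout()` relies on the principals still being present when it runs after the clear cannot be seen here and is worth a comment.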
@@ -118,9 +134,4 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
-
-	// protected Subject getSubject() {
-	// return subject.get();
-	// }
-
 }