X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=c25be6afbdf46b845adc37c083065a3c2d095be5;hb=2745f0c8c57d9468855179d56f858fb2448f779c;hp=2222faeccf35620734bfebf9d1a4cd6a15fcc020;hpb=a7a5f4db586128a9bb2c171ee819eb3eb19f80aa;p=lgpl%2Fargeo-commons.git
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index 2222faecc..c25be6afb 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -1,6 +1,7 @@
 package org.argeo.security.equinox;
 import java.util.Map;
+import java.util.Set;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -10,19 +11,25 @@ import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.TextOutputCallback; import javax.security.auth.login.LoginException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.security.SiteAuthenticationToken; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationManager; import org.springframework.security.BadCredentialsException; import org.springframework.security.context.SecurityContextHolder; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.jaas.SecurityContextLoginModule; /** Login module which caches one subject per thread. */ public class SpringLoginModule extends SecurityContextLoginModule { + private final static Log log = LogFactory.getLog(SpringLoginModule.class); + private AuthenticationManager authenticationManager; private CallbackHandler callbackHandler; + private Subject subject; + public SpringLoginModule() { } 
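Review bot: The class comment still reads "caches one subject per thread", but the new `subject` field is an ordinary instance field assigned in initialize(), so the comment no longer matches the code. A wording such as `/** Login module that reuses an Authentication already attached to the Subject, otherwise prompts for user, password and site URL. */` would describe what login() now does. The new `log` field is only referenced from commented-out lines in the logout() hunk further down, so it is currently unused; either log the login outcome through it or leave the field out until it is needed.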
@@ -31,31 +38,28 @@ public class SpringLoginModule extends SecurityContextLoginModule { public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); - // this.subject.set(subject); this.callbackHandler = callbackHandler; + this.subject = subject; } public boolean login() throws LoginException { + // try to retrieve Authentication from Subject + Set auths = subject.getPrincipals(Authentication.class); + if (auths.size() > 0) + SecurityContextHolder.getContext().setAuthentication( + auths.iterator().next()); + // thread already logged in if (SecurityContextHolder.getContext().getAuthentication() != null) return super.login(); - // if (getSubject().getPrincipals(Authentication.class).size() == 1) { - // registerAuthentication(getSubject() - // .getPrincipals(Authentication.class).iterator().next()); - // return super.login(); - // } else if (getSubject().getPrincipals(Authentication.class).size() > - // 1) { - // throw new LoginException( - // "Multiple Authentication principals not supported: " - // + getSubject().getPrincipals(Authentication.class)); - // } else { // ask for username and password Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION, "Required login"); NameCallback nameCallback = new NameCallback("User"); PasswordCallback passwordCallback = new PasswordCallback("Password", false); + NameCallback urlCallback = new NameCallback("Site URL"); if (callbackHandler == null) { throw new LoginException("No call back handler available"); @@ -63,7 +67,7 @@ public class SpringLoginModule extends SecurityContextLoginModule { } try { callbackHandler.handle(new Callback[] { label, nameCallback, - passwordCallback }); + passwordCallback, urlCallback }); } catch (Exception e) { LoginException le = new LoginException("Callback handling failed"); le.initCause(e); 
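Review bot: At the top of login(), the first `Authentication` principal found on the Subject is copied into the `SecurityContextHolder`, and the following "thread already logged in" branch then returns `super.login()` without ever calling `authenticationManager`. Nothing checks `isAuthenticated()` on that principal, and when the Subject carries more than one, the choice depends on set iteration order; the deleted commented-out block at least rejected that case with a `LoginException`. If principals only ever reach the Subject after a successful authenticate() the extra check is cheap insurance, otherwise it closes a bypass of the manager. The body of login() continues outside this hunk.
```java
// try to retrieve Authentication from Subject
Set<Authentication> auths = subject.getPrincipals(Authentication.class);
if (auths.size() > 1) {
	throw new LoginException(
			"Multiple Authentication principals not supported: " + auths);
}
if (auths.size() == 1) {
	Authentication cached = auths.iterator().next();
	// only reuse a principal that was actually authenticated
	if (cached.isAuthenticated()) {
		SecurityContextHolder.getContext().setAuthentication(cached);
	}
}
// … unchanged: "thread already logged in" check and callback setup …
```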
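Review bot: The callback array now carries two `NameCallback` instances, the user name and the site URL (declared in the preceding hunk as `new NameCallback("Site URL")`). A handler that dispatches on callback type rather than on prompt text or position cannot tell them apart and may write the user name into the URL slot. Using a distinct type, for example `TextInputCallback urlCallback = new TextInputCallback("Site URL");` read back with `urlCallback.getText()`, keeps the two inputs unambiguous. If the array order is the intended contract with the handler, a comment above the `handle(...)` call should say so.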
@@ -76,16 +80,21 @@ public class SpringLoginModule extends SecurityContextLoginModule { if (passwordCallback.getPassword() != null) { password = String.valueOf(passwordCallback.getPassword()); } - UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken( - username, password); + String url = urlCallback.getName(); + // TODO: set it via system properties + String workspace = null; + + // UsernamePasswordAuthenticationToken credentials = new + // UsernamePasswordAuthenticationToken( + // username, password); + SiteAuthenticationToken credentials = new SiteAuthenticationToken( + username, password, url, workspace); try { Authentication authentication = authenticationManager .authenticate(credentials); registerAuthentication(authentication); boolean res = super.login(); - // if (log.isDebugEnabled()) - // log.debug("User " + username + " logged in"); return res; } catch (BadCredentialsException bce) { throw bce; @@ -100,6 +109,8 @@ public class SpringLoginModule extends SecurityContextLoginModule { @Override public boolean logout() throws LoginException { +// if (log.isDebugEnabled()) +// log.debug("logout subject=" + subject); return super.logout(); } @@ -118,9 +129,4 @@ public class SpringLoginModule extends SecurityContextLoginModule { AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; } - - // protected Subject getSubject() { - // return subject.get(); - // } - }
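Review bot: `String url = urlCallback.getName();` is passed straight into `SiteAuthenticationToken` with no null, empty or scheme check. The provider is not visible in this diff, but if it connects to that URL with the supplied user name and password, the caller-supplied value decides where the credentials are sent. Unless a missing URL is a valid case, reject it early, e.g. `if (url == null || url.trim().length() == 0) throw new LoginException("No site URL provided");`, and consider restricting the accepted scheme or hosts to configured values. The commented-out `UsernamePasswordAuthenticationToken` lines added here are dead code that version control already preserves and could be dropped. The enclosing login() method starts and ends outside this hunk.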