X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.ui.rap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fui%2Frap%2FSecureEntryPoint.java;h=e2febf0aeb9033ce74f09b33e8f1f1cf53cd8e6d;hb=136ef465ce4ddd217e550bbe598258b5a967e846;hp=d38bd8bc0b6ac7226597d02a95bc95c12500a5ba;hpb=4c8c237990cda2b1a9be35532796510d9d5734c5;p=lgpl%2Fargeo-commons.git diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java index d38bd8bc0..e2febf0ae 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -7,177 +7,154 @@ import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; +import org.argeo.eclipse.ui.ErrorFeedback; import org.eclipse.equinox.security.auth.ILoginContext; -import org.eclipse.jface.dialogs.Dialog; import org.eclipse.jface.dialogs.MessageDialog; import org.eclipse.rwt.RWT; import org.eclipse.rwt.lifecycle.IEntryPoint; -import org.eclipse.rwt.service.SessionStoreEvent; -import org.eclipse.rwt.service.SessionStoreListener; -import org.eclipse.swt.graphics.Image; import org.eclipse.swt.widgets.Display; -import org.eclipse.swt.widgets.Shell; import org.eclipse.ui.PlatformUI; -import org.eclipse.ui.application.IWorkbenchWindowConfigurer; -import org.eclipse.ui.application.WorkbenchAdvisor; -import org.eclipse.ui.application.WorkbenchWindowAdvisor; - -public class SecureEntryPoint implements IEntryPoint, SessionStoreListener { +import org.springframework.security.BadCredentialsException; + +/** + * RAP entry point with login capabilities. Once the user has been + * authenticated, the workbench is run as a privileged action by the related + * subject. + */ +public class SecureEntryPoint implements IEntryPoint { private final static Log log = LogFactory.getLog(SecureEntryPoint.class); - @SuppressWarnings("unchecked") + /** + * How many seconds to wait before invalidating the session if the user has + * not yet logged in. + */ + private Integer loginTimeout = 1 * 60; + // TODO make it configurable + /** Default session timeout is 8 hours (European working day length) */ + private Integer sessionTimeout = 8 * 60 * 60; + @Override public int createUI() { - // 15 mins session timeout - RWT.getRequest().getSession().setMaxInactiveInterval(15 * 60); + // Short login timeout so that the modal dialog login doesn't hang + // around too long + RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); if (log.isDebugEnabled()) log.debug("THREAD=" + Thread.currentThread().getId() + ", sessionStore=" + RWT.getSessionStore().getId()); - final ILoginContext loginContext = SecureRapActivator - .createLoginContext(); - Integer returnCode = null; - Display display = PlatformUI.createDisplay(); + // create display + final Display display = PlatformUI.createDisplay(); + // log in + final ILoginContext loginContext = SecureRapActivator + .createLoginContext(SecureRapActivator.CONTEXT_SPRING); Subject subject = null; - try { - loginContext.login(); - subject = loginContext.getSubject(); - } catch (LoginException e) { - log.error("Error when logging in.", e); - MessageDialog.openInformation(display.getActiveShell(), - "Login failed", "Login failed"); - display.dispose(); - RWT.getRequest().getSession().setMaxInactiveInterval(1); + tryLogin: while (subject == null && !display.isDisposed()) { try { - Thread.sleep(2000); - } catch (InterruptedException e1) { - // silent + loginContext.login(); + subject = loginContext.getSubject(); + } catch (LoginException e) { + BadCredentialsException bce = wasCausedByBadCredentials(e); + if (bce != null) { + MessageDialog.openInformation(display.getActiveShell(), + "Bad Credentials", bce.getMessage()); + // retry login + continue tryLogin; + } + return processLoginDeath(display, e); } - // throw new RuntimeException("Login failed", e); - return -1; } - // identify after successful login + // Once the user is logged in, she can have a longer session timeout + RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); if (log.isDebugEnabled()) - log.debug("subject=" + subject); + log.debug("Authenticated " + subject); + final String username = subject.getPrincipals().iterator().next() .getName(); - if (log.isDebugEnabled()) - log.debug(username + " logged in"); + // Logout callback when the display is disposed display.disposeExec(new Runnable() { public void run() { log.debug("Display disposed"); logout(loginContext, username); - // invalidate session - RWT.getRequest().getSession().setMaxInactiveInterval(1); - try { - Thread.sleep(2000); - } catch (InterruptedException e1) { - // silent - } } }); + // + // RUN THE WORKBENCH + // + Integer returnCode = null; try { - returnCode = (Integer) Subject.doAs(subject, getRunAction(display)); - loginContext.logout(); - return processReturnCode(returnCode); - } catch (Exception e) { - if (subject != null) - logout(loginContext, username); - // RWT.getRequest().getSession().setMaxInactiveInterval(1); - log.error("Unexpected error", e); - // throw new ArgeoException("Cannot login", e); + returnCode = Subject.doAs(subject, new PrivilegedAction() { + public Integer run() { + RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( + username); + int result = PlatformUI.createAndRunWorkbench(display, + workbenchAdvisor); + return new Integer(result); + } + }); + logout(loginContext, username); } finally { display.dispose(); } - return -1; + return returnCode; } - static void logout(ILoginContext secureContext, String username) { - try { - secureContext.logout(); - log.info("Logged out " + (username != null ? username : "") - + " (THREAD=" + Thread.currentThread().getId() + ")"); - } catch (LoginException e) { - log.error("Erorr when logging out", e); + private Integer processLoginDeath(Display display, LoginException e) { + // check thread death + ThreadDeath td = wasCausedByThreadDeath(e); + if (td != null) { + display.dispose(); + throw td; } - } - - // static void closeWorkbench() { - // final IWorkbench workbench; - // try { - // workbench = PlatformUI.getWorkbench(); - // } catch (Exception e) { - // return; - // } - // if (workbench == null) - // return; - // final Display display = workbench.getDisplay(); - // if (display != null && !display.isDisposed()) - // display.syncExec(new Runnable() { - // - // public void run() { - // if (!display.isDisposed()) - // workbench.close(); - // } - // }); - // - // if (log.isDebugEnabled()) - // log.debug("Workbench closed"); - // } - - static class FailedLogin extends MessageDialog { - - public FailedLogin(Shell parentShell, String dialogTitle, - Image dialogTitleImage, String dialogMessage, - int dialogImageType, String[] dialogButtonLabels, - int defaultIndex) { - super(parentShell, "Failed ", dialogTitleImage, dialogMessage, - dialogImageType, dialogButtonLabels, defaultIndex); - // TODO Auto-generated constructor stub + if (!display.isDisposed()) { + ErrorFeedback.show("Unexpected exception during authentication", e); + // this was not just bad credentials or death thread + RWT.getRequest().getSession().setMaxInactiveInterval(1); + display.dispose(); + return -1; + } else { + throw new ArgeoException( + "Unexpected exception during authentication", e); } } - @SuppressWarnings("rawtypes") - private PrivilegedAction getRunAction(final Display display) { - return new PrivilegedAction() { - public Object run() { - int result = createAndRunWorkbench(display); - return new Integer(result); - } - }; - } - - protected Integer createAndRunWorkbench(Display display) { - return PlatformUI.createAndRunWorkbench(display, - createWorkbenchAdvisor()); - } + /** Recursively look for {@link BadCredentialsException} in the root causes. */ + private BadCredentialsException wasCausedByBadCredentials(Throwable t) { + if (t instanceof BadCredentialsException) + return (BadCredentialsException) t; - protected Integer processReturnCode(Integer returnCode) { - return returnCode; + if (t.getCause() != null) + return wasCausedByBadCredentials(t.getCause()); + else + return null; } - protected WorkbenchAdvisor createWorkbenchAdvisor() { - return new SecureWorkbenchAdvisor() { - public WorkbenchWindowAdvisor createWorkbenchWindowAdvisor( - IWorkbenchWindowConfigurer configurer) { - return new RapSecureWorkbenchWindowAdvisor(configurer); - } - - }; + /** + * If there is a {@link ThreadDeath} in the root causes, rethrow it + * (important for RAP cleaning mechanism) + */ + protected ThreadDeath wasCausedByThreadDeath(Throwable t) { + if (t instanceof ThreadDeath) + return (ThreadDeath) t; + + if (t.getCause() != null) + return wasCausedByThreadDeath(t.getCause()); + else + return null; } - @Override - public void beforeDestroy(SessionStoreEvent event) { - if (log.isDebugEnabled()) - log.debug("RWT session " + event.getSessionStore().getId() - + " about to be destroyed. THREAD=" - + Thread.currentThread().getId()); - + protected void logout(ILoginContext secureContext, String username) { + try { + secureContext.logout(); + log.info("Logged out " + (username != null ? username : "") + + " (THREAD=" + Thread.currentThread().getId() + ")"); + } catch (LoginException e) { + log.error("Erorr when logging out", e); + } } - }