Keyring login module
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 27 Sep 2011 20:53:32 +0000 (20:53 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 27 Sep 2011 20:53:32 +0000 (20:53 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@4761 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

security/plugins/org.argeo.security.equinox/META-INF/spring/loginModules.xml
security/plugins/org.argeo.security.equinox/plugin.xml
security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/KeyringLoginModule.java [new file with mode: 0644]

index 5714e0e19329f40bf9b01687c06f08fdc082f21d..d661b5f562ef00fb8a2fca80fac0f02fd897adae 100644 (file)
@@ -13,4 +13,8 @@
                scope="prototype">
                <property name="authenticationManager" ref="authenticationManager" />
        </bean>
+
+       <bean id="keyringLoginModule" class="org.argeo.security.equinox.KeyringLoginModule"
+               scope="prototype">
+       </bean>
 </beans>
index 2e63e17a4e7ecbdf5a2e41fe90e18680c57dc756..82da571f7f1023172fbbee7edd3feb118a0858e9 100644 (file)
@@ -9,7 +9,11 @@
   <extension id="osSpringLoginModule" name="Argeo Spring OS" point="org.eclipse.equinox.security.loginModule">
   <loginModule class="org.argeo.eclipse.spring.SpringExtensionFactory" description="Argeo Spring OS Login Module"/>
   </extension>
-
+  
+  <extension id="keyringLoginModule" name="Argeo Keyring" point="org.eclipse.equinox.security.loginModule">
+  <loginModule class="org.argeo.eclipse.spring.SpringExtensionFactory" description="Argeo Keyring Login Module"/>
+  </extension>
+  
   <!-- Java -->
   <extension id="unixLoginModule" name="UNIX" point="org.eclipse.equinox.security.loginModule">
   <loginModule class="com.sun.security.auth.module.UnixLoginModule" description="UNIX Login Module"/>
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/KeyringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/KeyringLoginModule.java
new file mode 100644 (file)
index 0000000..3de56cc
--- /dev/null
@@ -0,0 +1,62 @@
+package org.argeo.security.equinox;
+
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.commons.logging.LogConfigurationException;
+import org.argeo.util.crypto.PasswordBasedEncryption;
+
+public class KeyringLoginModule implements LoginModule {
+       private Subject subject;
+       private CallbackHandler callbackHandler;
+       private PasswordBasedEncryption passwordBasedEncryption;
+
+       public void initialize(Subject subject, CallbackHandler callbackHandler,
+                       Map<String, ?> sharedState, Map<String, ?> options) {
+               this.subject = subject;
+               this.callbackHandler = callbackHandler;
+       }
+
+       public boolean login() throws LoginException {
+               Set<PasswordBasedEncryption> pbes = subject
+                               .getPrivateCredentials(PasswordBasedEncryption.class);
+               if (pbes.size() > 0)
+                       return true;
+               PasswordCallback pc = new PasswordCallback("Master password", false);
+               Callback[] callbacks = { pc };
+               try {
+                       callbackHandler.handle(callbacks);
+                       passwordBasedEncryption = new PasswordBasedEncryption(
+                                       pc.getPassword());
+               } catch (Exception e) {
+                       throw new LogConfigurationException(e);
+               }
+               return true;
+       }
+
+       public boolean commit() throws LoginException {
+               if (passwordBasedEncryption != null)
+                       subject.getPrivateCredentials(PasswordBasedEncryption.class).add(
+                                       passwordBasedEncryption);
+               return true;
+       }
+
+       public boolean abort() throws LoginException {
+               return true;
+       }
+
+       public boolean logout() throws LoginException {
+               Set<PasswordBasedEncryption> pbes = subject
+                               .getPrivateCredentials(PasswordBasedEncryption.class);
+               pbes.clear();
+               return true;
+       }
+
+}
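Review bot: In commit() and logout() the set returned by `subject.getPrivateCredentials(PasswordBasedEncryption.class)` is a detached copy (the Subject Javadoc states it is not backed by the internal credential set), so the `add(...)` never attaches the key to the subject and `pbes.clear()` never removes it at logout. Both should go through the live set: `subject.getPrivateCredentials().add(passwordBasedEncryption)` and `subject.getPrivateCredentials().removeAll(pbes)`. In login(), the catch block throws commons-logging's unchecked `LogConfigurationException`, which looks like a mis-completed `LoginException`. The callback's copy of the master password is also never cleared with `pc.clearPassword()`, and abort() leaves the derived `passwordBasedEncryption` in the field. Whether `PasswordBasedEncryption` keeps a reference to the `char[]` it is given is not visible here, so the sketch below leaves the array itself alone.

```java
	public boolean login() throws LoginException {
		// … unchanged: early return, callback setup, try body …
		} catch (Exception e) {
			// JAAS callers expect LoginException, not a logging exception
			LoginException le = new LoginException("Cannot read master password");
			le.initCause(e);
			throw le;
		} finally {
			// drop the callback's internal copy of the master password
			pc.clearPassword();
		}
		return true;
	}

	public boolean commit() throws LoginException {
		if (passwordBasedEncryption != null)
			// untyped accessor returns the set backed by the Subject
			subject.getPrivateCredentials().add(passwordBasedEncryption);
		return true;
	}

	public boolean abort() throws LoginException {
		// forget the key derived during a login that did not complete
		passwordBasedEncryption = null;
		return true;
	}

	public boolean logout() throws LoginException {
		Set<PasswordBasedEncryption> pbes = subject
				.getPrivateCredentials(PasswordBasedEncryption.class);
		// pbes is a copy: use it only to select what to remove from the live set
		subject.getPrivateCredentials().removeAll(pbes);
		passwordBasedEncryption = null;
		return true;
	}
```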