org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java

   1 package org.argeo.cms.auth;
   2
   3 import java.io.IOException;
   4 import java.util.Locale;
   5 import java.util.Map;
   6
   7 import javax.security.auth.Subject;
   8 import javax.security.auth.callback.Callback;
   9 import javax.security.auth.callback.CallbackHandler;
  10 import javax.security.auth.callback.LanguageCallback;
  11 import javax.security.auth.callback.NameCallback;
  12 import javax.security.auth.callback.PasswordCallback;
  13 import javax.security.auth.callback.UnsupportedCallbackException;
  14 import javax.security.auth.login.CredentialNotFoundException;
  15 import javax.security.auth.login.FailedLoginException;
  16 import javax.security.auth.login.LoginException;
  17 import javax.security.auth.spi.LoginModule;
  18
  19 import org.argeo.cms.CmsException;
  20 import org.argeo.eclipse.ui.specific.UiContext;
  21 import org.osgi.framework.BundleContext;
  22 import org.osgi.framework.FrameworkUtil;
  23 import org.osgi.service.useradmin.Authorization;
  24 import org.osgi.service.useradmin.User;
  25 import org.osgi.service.useradmin.UserAdmin;
  26
  27 public class UserAdminLoginModule implements LoginModule {
  28         private Subject subject;
  29         private CallbackHandler callbackHandler;
  30         private Map<String, Object> sharedState = null;
  31
  32         // private boolean isAnonymous = false;
  33
  34         // private state
  35         private BundleContext bc;
  36         private Authorization authorization;
  37
  38         @SuppressWarnings("unchecked")
  39         @Override
  40         public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
  41                         Map<String, ?> options) {
  42                 this.subject = subject;
  43                 try {
  44                         bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext();
  45                         assert bc != null;
  46                         // this.subject = subject;
  47                         this.callbackHandler = callbackHandler;
  48                         this.sharedState = (Map<String, Object>) sharedState;
  49                         // if (options.containsKey("anonymous"))
  50                         // isAnonymous =
  51                         // Boolean.parseBoolean(options.get("anonymous").toString());
  52                 } catch (Exception e) {
  53                         throw new CmsException("Cannot initialize login module", e);
  54                 }
  55         }
  56
  57         @Override
  58         public boolean login() throws LoginException {
  59                 Authorization sharedAuth = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
  60                 if (sharedAuth != null) {
  61                         if (callbackHandler == null && sharedAuth.getName() != null)
  62                                 throw new LoginException("Shared authorization should be anonymous");
  63                         return false;
  64                 }
  65                 UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
  66                 if (callbackHandler == null) {// anonymous
  67                         authorization = userAdmin.getAuthorization(null);
  68                         sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
  69                         return true;
  70                 }
  71
  72                 final String username;
  73                 final char[] password;
  74                 if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
  75                                 && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
  76                         username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
  77                         password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
  78                         // TODO locale?
  79                 } else {
  80
  81                         // ask for username and password
  82                         NameCallback nameCallback = new NameCallback("User");
  83                         PasswordCallback passwordCallback = new PasswordCallback("Password", false);
  84                         LanguageCallback langCallback = new LanguageCallback();
  85                         try {
  86                                 callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback });
  87                         } catch (IOException e) {
  88                                 throw new LoginException("Cannot handle callback: " + e.getMessage());
  89                                 // } catch (ThreadDeath e) {
  90                                 // throw new ThreadDeathLoginException("Callbackhandler thread
  91                                 // died", e);
  92                         } catch (UnsupportedCallbackException e) {
  93                                 return false;
  94                         }
  95
  96                         // i18n
  97                         Locale locale = langCallback.getLocale();
  98                         if (locale == null)
  99                                 locale = Locale.getDefault();
 100                         UiContext.setLocale(locale);
 101
 102                         // authorization = (Authorization)
 103                         // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
 104                         //
 105                         // if (authorization == null) {
 106                         // create credentials
 107                         username = nameCallback.getName();
 108                         if (username == null || username.trim().equals("")) {
 109                                 // authorization = userAdmin.getAuthorization(null);
 110                                 throw new CredentialNotFoundException("No credentials provided");
 111                         }
 112                         // char[] password = {};
 113                         if (passwordCallback.getPassword() != null)
 114                                 password = passwordCallback.getPassword();
 115                         else
 116                                 throw new CredentialNotFoundException("No credentials provided");
 117                 }
 118
 119                 // FIXME move Argeo specific convention from user admin to here
 120                 User user = userAdmin.getUser(null, username);
 121                 if (user == null)
 122                         throw new FailedLoginException("Invalid credentials");
 123                 if (!user.hasCredential(null, password))
 124                         throw new FailedLoginException("Invalid credentials");
 125                 // return false;
 126
 127                 // Log and monitor new login
 128                 // if (log.isDebugEnabled())
 129                 // log.debug("Logged in to CMS with username [" + username +
 130                 // "]");
 131
 132                 authorization = userAdmin.getAuthorization(user);
 133                 assert authorization != null;
 134
 135                 // }
 136                 // if
 137                 // (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_AUTHORIZATION))
 138                 sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
 139                 return authorization != null;
 140         }
 141
 142         @Override
 143         public boolean commit() throws LoginException {
 144                 // Set<KerberosPrincipal> kerberosPrincipals =
 145                 // subject.getPrincipals(KerberosPrincipal.class);
 146                 // if (kerberosPrincipals.size() != 0) {
 147                 // KerberosPrincipal kerberosPrincipal =
 148                 // kerberosPrincipals.iterator().next();
 149                 // System.out.println(kerberosPrincipal);
 150                 // UserAdmin userAdmin =
 151                 // bc.getService(bc.getServiceReference(UserAdmin.class));
 152                 // User user = userAdmin.getUser(null, kerberosPrincipal.getName());
 153                 // Authorization authorization = userAdmin.getAuthorization(user);
 154                 // sharedState.put(SHARED_STATE_AUTHORIZATION, authorization);
 155                 // }
 156                 if (authorization == null) {
 157                         return false;
 158                         // throw new LoginException("Authorization should not be null");
 159                 } else {
 160                         CmsAuthUtils.addAuthentication(subject, authorization);
 161                         return true;
 162                 }
 163         }
 164
 165         @Override
 166         public boolean abort() throws LoginException {
 167                 authorization = null;
 168                 return true;
 169         }
 170
 171         @Override
 172         public boolean logout() throws LoginException {
 173                 CmsAuthUtils.cleanUp(subject);
 174                 return true;
 175         }
 176 }