]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix build
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
1 package org.argeo.cms.auth;
2
3 import java.io.IOException;
4 import java.util.Iterator;
5 import java.util.Map;
6 import java.util.Set;
7
8 import javax.security.auth.Subject;
9 import javax.security.auth.callback.Callback;
10 import javax.security.auth.callback.CallbackHandler;
11 import javax.security.auth.callback.NameCallback;
12 import javax.security.auth.callback.PasswordCallback;
13 import javax.security.auth.callback.UnsupportedCallbackException;
14 import javax.security.auth.login.CredentialNotFoundException;
15 import javax.security.auth.login.LoginException;
16 import javax.security.auth.spi.LoginModule;
17 import javax.servlet.http.HttpServletRequest;
18 import javax.servlet.http.HttpSession;
19
20 import org.argeo.ArgeoException;
21 import org.argeo.cms.internal.kernel.Activator;
22 import org.osgi.framework.BundleContext;
23 import org.osgi.service.http.HttpContext;
24 import org.osgi.service.useradmin.Authorization;
25 import org.osgi.service.useradmin.User;
26 import org.osgi.service.useradmin.UserAdmin;
27
28 public class UserAdminLoginModule implements LoginModule, AuthConstants {
29 private Subject subject;
30 private CallbackHandler callbackHandler;
31 private boolean isAnonymous = false;
32
33 private HttpServletRequest request = null;
34
35 @Override
36 public void initialize(Subject subject, CallbackHandler callbackHandler,
37 Map<String, ?> sharedState, Map<String, ?> options) {
38 try {
39 this.subject = subject;
40 this.callbackHandler = callbackHandler;
41 if (options.containsKey("anonymous"))
42 isAnonymous = Boolean.parseBoolean(options.get("anonymous")
43 .toString());
44 } catch (Exception e) {
45 throw new ArgeoException("Cannot initialize login module", e);
46 }
47 }
48
49 @Override
50 public boolean login() throws LoginException {
51 BundleContext bc = Activator.getBundleContext();
52 UserAdmin userAdmin = bc.getService(bc
53 .getServiceReference(UserAdmin.class));
54 Authorization authorization = null;
55 if (isAnonymous) {
56 authorization = userAdmin.getAuthorization(null);
57 } else {
58 HttpRequestCallback httpCallback = new HttpRequestCallback();
59 // ask for username and password
60 NameCallback nameCallback = new NameCallback("User");
61 PasswordCallback passwordCallback = new PasswordCallback(
62 "Password", false);
63 try {
64 callbackHandler.handle(new Callback[] { httpCallback,
65 nameCallback, passwordCallback });
66 } catch (IOException e) {
67 throw new LoginException("Cannot handle http callback: "
68 + e.getMessage());
69 } catch (UnsupportedCallbackException e) {
70 return false;
71 }
72 request = httpCallback.getRequest();
73 if (request != null) {
74 authorization = (Authorization) request
75 .getAttribute(HttpContext.AUTHORIZATION);
76 if (authorization == null)
77 authorization = (Authorization) request.getSession()
78 .getAttribute(HttpContext.AUTHORIZATION);
79 }
80 // if (authorization == null || authorization.getName() == null)
81 // if (!isAnonymous) {
82 // // ask for username and password
83 // NameCallback nameCallback = new NameCallback("User");
84 // PasswordCallback passwordCallback = new PasswordCallback(
85 // "Password", false);
86 //
87 // // handle callbacks
88 // try {
89 // callbackHandler.handle(new Callback[] { nameCallback,
90 // passwordCallback });
91 // } catch (Exception e) {
92 // throw new ArgeoException("Cannot handle callbacks", e);
93 // }
94
95 if (authorization == null) {
96 // create credentials
97 final String username = nameCallback.getName();
98 if (username == null || username.trim().equals("")) {
99 // authorization = userAdmin.getAuthorization(null);
100 throw new CredentialNotFoundException(
101 "No credentials provided");
102 } else {
103 char[] password = {};
104 if (passwordCallback.getPassword() != null)
105 password = passwordCallback.getPassword();
106 else
107 throw new CredentialNotFoundException(
108 "No credentials provided");
109
110 User user = userAdmin.getUser(null, username);
111 if (user == null)
112 return false;
113 if (!user.hasCredential(null, password))
114 return false;
115 authorization = userAdmin.getAuthorization(user);
116 }
117 }
118 // } else {
119 // authorization = userAdmin.getAuthorization(null);
120 // }
121 }
122 subject.getPrivateCredentials().add(authorization);
123 return true;
124 }
125
126 @Override
127 public boolean commit() throws LoginException {
128 Authorization authorization = subject
129 .getPrivateCredentials(Authorization.class).iterator().next();
130 if (request != null) {
131 request.setAttribute(HttpContext.REMOTE_USER,
132 authorization.getName());
133 request.setAttribute(HttpContext.AUTHORIZATION, authorization);
134 request.getSession().setAttribute(HttpContext.AUTHORIZATION,
135 authorization);
136 subject.getPrivateCredentials().add(request.getSession());
137 }
138 return true;
139 }
140
141 @Override
142 public boolean abort() throws LoginException {
143 cleanUp();
144 return true;
145 }
146
147 @Override
148 public boolean logout() throws LoginException {
149 Set<HttpSession> httpSession = subject
150 .getPrivateCredentials(HttpSession.class);
151 Iterator<HttpSession> it = httpSession.iterator();
152 while (it.hasNext()) {
153 HttpSession sess = it.next();
154 sess.setAttribute(HttpContext.AUTHORIZATION, null);
155 // sess.setMaxInactiveInterval(1);// invalidate session
156 }
157 subject.getPrivateCredentials().removeAll(httpSession);
158 cleanUp();
159 return true;
160 }
161
162 private void cleanUp() {
163 subject.getPrivateCredentials().removeAll(
164 subject.getPrivateCredentials(Authorization.class));
165 subject = null;
166 }
167
168 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi