1 package org
.argeo
.cms
.integration
;
3 import java
.io
.IOException
;
4 import java
.util
.Locale
;
7 import javax
.security
.auth
.Subject
;
8 import javax
.security
.auth
.callback
.Callback
;
9 import javax
.security
.auth
.callback
.NameCallback
;
10 import javax
.security
.auth
.callback
.PasswordCallback
;
11 import javax
.security
.auth
.callback
.UnsupportedCallbackException
;
12 import javax
.security
.auth
.login
.LoginContext
;
13 import javax
.security
.auth
.login
.LoginException
;
14 import javax
.servlet
.ServletException
;
15 import javax
.servlet
.http
.HttpServlet
;
16 import javax
.servlet
.http
.HttpServletRequest
;
17 import javax
.servlet
.http
.HttpServletResponse
;
19 import org
.argeo
.api
.cms
.CmsAuth
;
20 import org
.argeo
.api
.cms
.CmsSessionId
;
21 import org
.argeo
.cms
.auth
.RemoteAuthCallback
;
22 import org
.argeo
.cms
.auth
.RemoteAuthCallbackHandler
;
23 import org
.argeo
.cms
.servlet
.ServletHttpRequest
;
24 import org
.argeo
.cms
.servlet
.ServletHttpResponse
;
25 import org
.osgi
.service
.useradmin
.Authorization
;
27 import com
.fasterxml
.jackson
.core
.JsonGenerator
;
28 import com
.fasterxml
.jackson
.databind
.ObjectMapper
;
/** Externally authenticates an HTTP session. */
31 public class CmsLoginServlet
extends HttpServlet
{
	/** Name of the request parameter carrying the user name. */
	public final static String PARAM_USERNAME = "username";
	/** Name of the request parameter carrying the password. */
	public final static String PARAM_PASSWORD = "password";

	private static final long serialVersionUID = 2478080654328751539L;
	/** Serializes the session descriptor to JSON in doPost(). */
	private ObjectMapper objectMapper = new ObjectMapper();
	/**
	 * Accepts the login request over GET as well, delegating to
	 * {@link #doPost(HttpServletRequest, HttpServletResponse)}.
	 * <p>
	 * With GET the {@value #PARAM_USERNAME} / {@value #PARAM_PASSWORD} parameters
	 * travel in the query string, where they can end up in access logs, browser
	 * history and Referer headers; clients submitting a password should prefer
	 * POST. GET is kept for login modules that authenticate through the
	 * {@link RemoteAuthCallback} (request headers) rather than parameters.
	 *
	 * @param request  the login request
	 * @param response the response to complete
	 * @throws ServletException propagated from doPost
	 * @throws IOException      propagated from doPost
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}
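	/**
	 * Authenticates the caller and describes the resulting CMS session.
	 * <p>
	 * A JAAS {@link LoginContext} for {@link CmsAuth#LOGIN_CONTEXT_USER} is run
	 * with a callback handler that supplies the {@value #PARAM_USERNAME} /
	 * {@value #PARAM_PASSWORD} request parameters (when present) and the wrapped
	 * request/response to login modules asking for a {@link RemoteAuthCallback}.
	 * On success the session descriptor (after {@link #enrichJson}) is written as
	 * JSON, unless {@link #redirectTo(HttpServletRequest)} names a target, in
	 * which case the client is redirected instead. A login failure, or a subject
	 * lacking the expected credentials, yields {@code 401 Unauthorized} without
	 * further detail.
	 *
	 * @param req  the login request
	 * @param resp the response to complete
	 * @throws ServletException not thrown by this implementation, kept for the
	 *                          servlet contract
	 * @throws IOException      if writing the response fails
	 */
	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
		String username = req.getParameter(PARAM_USERNAME);
		String password = req.getParameter(PARAM_PASSWORD);
		ServletHttpRequest request = new ServletHttpRequest(req);
		ServletHttpResponse response = new ServletHttpResponse(resp);
		try {
			LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER,
					new RemoteAuthCallbackHandler(request, response) {
						@Override
						public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
							for (Callback callback : callbacks) {
								if (callback instanceof NameCallback && username != null) {
									((NameCallback) callback).setName(username);
								} else if (callback instanceof PasswordCallback && password != null) {
									// the servlet API only hands the password out as a String,
									// so the char[] copy cannot shorten its lifetime in the heap
									((PasswordCallback) callback).setPassword(password.toCharArray());
								} else if (callback instanceof RemoteAuthCallback) {
									// lets login modules authenticate from the HTTP exchange itself
									RemoteAuthCallback remoteAuthCallback = (RemoteAuthCallback) callback;
									remoteAuthCallback.setRequest(request);
									remoteAuthCallback.setResponse(response);
								}
							}
						}
					});
			lc.login();

			Subject subject = lc.getSubject();
			CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
			Authorization authorization = extractFrom(subject.getPrivateCredentials(Authorization.class));
			if (cmsSessionId == null || authorization == null) {
				// a logged-in subject without a CMS session or authorization
				// cannot be described; treat it as not authenticated
				resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
				return;
			}
			Locale locale = extractFrom(subject.getPublicCredentials(Locale.class));

			// Decide on the redirect before touching the body: writing the JSON
			// body may flush and thereby commit the response, after which
			// sendRedirect() is no longer allowed.
			// redirectTo() is an extension hook; an override deriving the target
			// from request data must restrict it to local paths, otherwise this
			// becomes an open redirect.
			String redirectTo = redirectTo(req);
			if (redirectTo != null) {
				resp.sendRedirect(redirectTo);
				return;
			}

			// give subclasses their chance to add to the descriptor (see enrichJson)
			CmsSessionDescriptor cmsSessionDescriptor = enrichJson(new CmsSessionDescriptor(authorization.getName(),
					cmsSessionId.getUuid().toString(), authorization.getRoles(), authorization.toString(),
					locale != null ? locale.toString() : null));

			resp.setContentType("application/json");
			// the writer's default charset is container-dependent (typically
			// ISO-8859-1); names and roles may contain non-Latin characters
			resp.setCharacterEncoding("UTF-8");
			// closing the generator completes and flushes the JSON output
			try (JsonGenerator jg = objectMapper.getFactory().createGenerator(resp.getWriter())) {
				jg.writeObject(cmsSessionDescriptor);
			}
		} catch (LoginException e) {
			// the failure reason is deliberately not surfaced to the client;
			// TODO(review): consider logging it server-side for detection purposes
			resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		}
	}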
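	/**
	 * Returns one element of a credential set, or {@code null} when there is none.
	 * <p>
	 * {@link Subject#getPrivateCredentials(Class)} and
	 * {@link Subject#getPublicCredentials(Class)} return sets; this servlet
	 * expects at most one instance per type and takes the first element. Which
	 * element is "first" when the set holds several is unspecified.
	 *
	 * @param <T>   the credential type
	 * @param creds the credentials of that type; may be {@code null} or empty
	 * @return the first credential, or {@code null} if {@code creds} is
	 *         {@code null} or empty
	 */
	protected <T> T extractFrom(Set<T> creds) {
		if (creds == null || creds.isEmpty())
			return null;
		return creds.iterator().next();
	}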
	/**
	 * Hook for subclasses wishing to return a richer {@link CmsSessionDescriptor}
	 * to be serialized to the client. This default implementation hands back its
	 * argument unchanged.
	 *
	 * @param cmsSessionDescriptor the descriptor built from the authenticated
	 *                             subject
	 * @return the descriptor to serialize
	 */
	protected CmsSessionDescriptor enrichJson(CmsSessionDescriptor cmsSessionDescriptor) {
		return cmsSessionDescriptor;
	}
109 protected String
redirectTo(HttpServletRequest request
) {