1 package org.argeo.cms.integration;
2
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.argeo.api.cms.CmsAuth;
import org.argeo.api.cms.CmsSessionId;
import org.argeo.cms.auth.RemoteAuthCallback;
import org.argeo.cms.auth.RemoteAuthCallbackHandler;
import org.argeo.cms.servlet.ServletHttpRequest;
import org.argeo.cms.servlet.ServletHttpResponse;
import org.osgi.service.useradmin.Authorization;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.ObjectMapper;
29
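/**
 * Externally authenticate an HTTP session.
 * <p>
 * Reads the {@value #PARAM_USERNAME} and {@value #PARAM_PASSWORD} request
 * parameters, runs the {@link CmsAuth#LOGIN_CONTEXT_USER} JAAS login and, on
 * success, either redirects (when {@link #redirectTo(HttpServletRequest)}
 * returns a target) or answers with a JSON {@link CmsSessionDescriptor}. Every
 * failure is reported as a bare {@code 401 Unauthorized}, so a client cannot
 * tell an unknown user from a wrong password.
 * <p>
 * Security notes for deployers:
 * <ul>
 * <li>{@link #doGet} delegates to {@link #doPost}, so credentials are also
 * accepted from the query string, where they end up in access logs, browser
 * history and {@code Referer} headers. Clients should POST; where no GET client
 * exists, override {@code doGet} to answer {@code 405}.</li>
 * <li>The password arrives as an immutable {@link String} from the servlet API
 * and cannot be zeroed after use; expose this endpoint over TLS only.</li>
 * </ul>
 */
public class CmsLoginServlet extends HttpServlet {
	public final static String PARAM_USERNAME = "username";
	public final static String PARAM_PASSWORD = "password";

	private static final long serialVersionUID = 2478080654328751539L;
	/** Shared by all requests; an ObjectMapper is thread-safe once configured. */
	private final ObjectMapper objectMapper = new ObjectMapper();

	/**
	 * Accepts the login over GET by delegating to {@link #doPost}. See the class
	 * comment on why clients should prefer POST.
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Performs the JAAS login and answers with a redirect, a JSON session
	 * descriptor, or {@code 401}.
	 *
	 * @param req  the request carrying the credential parameters
	 * @param resp the response to write to
	 * @throws IOException if writing the response fails
	 */
	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
		String username = req.getParameter(PARAM_USERNAME);
		String password = req.getParameter(PARAM_PASSWORD);
		ServletHttpRequest request = new ServletHttpRequest(req);
		ServletHttpResponse response = new ServletHttpResponse(resp);
		try {
			LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER,
					new RemoteAuthCallbackHandler(request, response) {
						public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
							for (Callback callback : callbacks) {
								// Missing parameters leave the callback untouched, so the
								// login modules can fall back to the request/response
								// (e.g. an existing session) via RemoteAuthCallback.
								if (callback instanceof NameCallback && username != null)
									((NameCallback) callback).setName(username);
								else if (callback instanceof PasswordCallback && password != null)
									((PasswordCallback) callback).setPassword(password.toCharArray());
								else if (callback instanceof RemoteAuthCallback) {
									((RemoteAuthCallback) callback).setRequest(request);
									((RemoteAuthCallback) callback).setResponse(response);
								}
							}
						}
					});
			lc.login();

			Subject subject = lc.getSubject();
			CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
			Authorization authorization = extractFrom(subject.getPrivateCredentials(Authorization.class));
			// A login that yielded no CMS session or no authorization is unusable;
			// report it as a failed login instead of letting a NullPointerException
			// on authorization.getName() surface as a 500.
			if (cmsSessionId == null || authorization == null) {
				resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
				return;
			}
			Locale locale = extractFrom(subject.getPublicCredentials(Locale.class));

			// Subclasses get a chance to add fields before serialization.
			CmsSessionDescriptor cmsSessionDescriptor = enrichJson(new CmsSessionDescriptor(authorization.getName(),
					cmsSessionId.getUuid().toString(), authorization.getRoles(), authorization.toString(),
					locale != null ? locale.toString() : null));

			// Decide on the redirect before touching the body: sendRedirect() on a
			// committed response throws IllegalStateException, and a redirect
			// discards any body written so far anyway.
			String redirectTo = redirectTo(req);
			if (redirectTo != null) {
				resp.sendRedirect(redirectTo);
				return;
			}

			// Fix the charset before getWriter(): the servlet default is
			// ISO-8859-1, which would mangle non-Latin user or role names.
			resp.setContentType("application/json");
			resp.setCharacterEncoding(StandardCharsets.UTF_8.name());
			try (JsonGenerator jg = objectMapper.getFactory().createGenerator(resp.getWriter())) {
				jg.writeObject(cmsSessionDescriptor);
			}
		} catch (LoginException e) {
			// Deliberately no detail to the client: a uniform 401 prevents user
			// enumeration. Credentials must never be logged here either.
			resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		}
	}

	/**
	 * Returns one element of a credential set, or {@code null} when the set is
	 * empty or {@code null}. Credential sets are unordered: if a subject carries
	 * several credentials of the requested type, which one is returned is
	 * unspecified.
	 *
	 * @param creds typically the result of
	 *              {@link Subject#getPrivateCredentials(Class)}
	 * @return an element of the set, or {@code null}
	 */
	protected <T> T extractFrom(Set<T> creds) {
		if (creds == null || creds.isEmpty())
			return null;
		return creds.iterator().next();
	}

	/**
	 * Hook invoked on the freshly built descriptor before it is serialized; the
	 * default returns it unchanged. Override to return a richer
	 * {@link CmsSessionDescriptor}.
	 */
	protected CmsSessionDescriptor enrichJson(CmsSessionDescriptor cmsSessionDescriptor) {
		return cmsSessionDescriptor;
	}

	/**
	 * Hook returning a location to redirect to after a successful login, or
	 * {@code null} (the default) to answer with the JSON descriptor instead.
	 * <p>
	 * The returned value is passed straight to
	 * {@link HttpServletResponse#sendRedirect(String)}. An override that derives
	 * it from a request parameter must restrict it to a relative path or an
	 * allow-listed host, otherwise the servlet becomes an open redirect.
	 */
	protected String redirectTo(HttpServletRequest request) {
		return null;
	}
}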