security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/OsSpringLoginModule.java

   1 package org.argeo.security.equinox;
   2
   3 import java.util.Map;
   4
   5 import javax.security.auth.Subject;
   6 import javax.security.auth.callback.CallbackHandler;
   7 import javax.security.auth.login.LoginException;
   8
   9 import org.argeo.security.OsAuthenticationToken;
  10 import org.springframework.security.Authentication;
  11 import org.springframework.security.AuthenticationManager;
  12 import org.springframework.security.context.SecurityContextHolder;
  13 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
  14
  15 /** Login module which caches one subject per thread. */
  16 public class OsSpringLoginModule extends SecurityContextLoginModule {
  17         // private final static Log log =
  18         // LogFactory.getLog(OsSpringLoginModule.class);
  19
  20         private AuthenticationManager authenticationManager;
  21
  22         private Subject subject;
  23
  24         public OsSpringLoginModule() {
  25
  26         }
  27
  28         @SuppressWarnings("rawtypes")
  29         public void initialize(Subject subject, CallbackHandler callbackHandler,
  30                         Map sharedState, Map options) {
  31                 super.initialize(subject, callbackHandler, sharedState, options);
  32                 this.subject = subject;
  33         }
  34
  35         public boolean login() throws LoginException {
  36                 // thread already logged in
  37                 if (SecurityContextHolder.getContext().getAuthentication() != null)
  38                         return super.login();
  39
  40                 OsAuthenticationToken oat = new OsAuthenticationToken();
  41                 Authentication authentication = authenticationManager.authenticate(oat);
  42                 registerAuthentication(authentication);
  43                 return super.login();
  44         }
  45
  46         @Override
  47         public boolean logout() throws LoginException {
  48                 subject.getPrincipals().clear();
  49                 return super.logout();
  50         }
  51
  52         /**
  53          * Register an {@link Authentication} in the security context.
  54          *
  55          * @param authentication
  56          *            has to implement {@link Authentication}.
  57          */
  58         protected void registerAuthentication(Object authentication) {
  59                 SecurityContextHolder.getContext().setAuthentication(
  60                                 (Authentication) authentication);
  61         }
  62
  63         public void setAuthenticationManager(
  64                         AuthenticationManager authenticationManager) {
  65                 this.authenticationManager = authenticationManager;
  66         }
  67 }