1 package org.argeo.security.equinox;
2
3 import java.util.Map;
4
5 import javax.security.auth.Subject;
6 import javax.security.auth.callback.Callback;
7 import javax.security.auth.callback.CallbackHandler;
8 import javax.security.auth.callback.NameCallback;
9 import javax.security.auth.callback.PasswordCallback;
10 import javax.security.auth.callback.TextOutputCallback;
11 import javax.security.auth.login.LoginException;
12
13 import org.springframework.security.Authentication;
14 import org.springframework.security.AuthenticationManager;
15 import org.springframework.security.BadCredentialsException;
16 import org.springframework.security.context.SecurityContextHolder;
17 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
18 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
19
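/**
 * JAAS login module that collects a user name and password through the
 * configured {@link CallbackHandler}, authenticates them with a Spring
 * Security {@link AuthenticationManager} and stores the resulting
 * {@link Authentication} in the {@link SecurityContextHolder} before
 * delegating to {@link SecurityContextLoginModule}.
 * <p>
 * The original description of this class is "caches one subject per thread".
 * NOTE(review): that holds only if the {@link SecurityContextHolder} strategy
 * in use is thread-bound; the strategy is not configured in this class, so
 * confirm it in the deployment.
 */
public class SpringLoginModule extends SecurityContextLoginModule {
    private AuthenticationManager authenticationManager;

    private CallbackHandler callbackHandler;

    /**
     * Creates a module without an authentication manager; one must be
     * injected with {@link #setAuthenticationManager(AuthenticationManager)}
     * before {@link #login()} can authenticate anyone.
     */
    public SpringLoginModule() {
    }

    /**
     * Initializes the parent module and keeps a reference to the callback
     * handler used later to prompt for credentials.
     *
     * @param subject
     *            the subject being authenticated
     * @param callbackHandler
     *            handler used to obtain user name and password; may be
     *            {@code null}, in which case {@link #login()} fails
     * @param sharedState
     *            state shared with other login modules (passed to the parent)
     * @param options
     *            module options (passed to the parent)
     */
    @Override
    @SuppressWarnings("rawtypes")
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.callbackHandler = callbackHandler;
    }

    /**
     * Authenticates the caller.
     * <p>
     * If the security context already holds an {@link Authentication}, no
     * credentials are requested and the parent module decides the outcome.
     * Otherwise the user name and password are requested from the callback
     * handler and checked by the authentication manager.
     *
     * @return the result of {@link SecurityContextLoginModule#login()}
     * @throws LoginException
     *             if no callback handler or authentication manager is
     *             available, if the callback handler fails, or if
     *             authentication fails for any reason other than bad
     *             credentials
     * @throws BadCredentialsException
     *             (unchecked) if the authentication manager rejects the
     *             credentials; it is deliberately rethrown as is, so callers
     *             must not rely on {@link LoginException} alone
     */
    @Override
    public boolean login() throws LoginException {
        // An authentication already present in the context is trusted as is:
        // no prompt, no re-verification of credentials.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            return super.login();
        }

        if (callbackHandler == null) {
            throw new LoginException("No call back handler available");
        }
        // Fail before prompting: a password that cannot be verified should
        // not be collected. Without this check the resulting
        // NullPointerException was reported as "Bad credentials".
        if (authenticationManager == null) {
            throw new LoginException("No authentication manager available");
        }

        // Ask for user name and password.
        Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
                "Required login");
        NameCallback nameCallback = new NameCallback("User");
        PasswordCallback passwordCallback = new PasswordCallback("Password",
                false);
        try {
            callbackHandler.handle(new Callback[] { label, nameCallback,
                    passwordCallback });
        } catch (Exception e) {
            // Do not leave a partially filled password behind on failure.
            passwordCallback.clearPassword();
            LoginException le = new LoginException("Callback handling failed");
            le.initCause(e);
            throw le;
        }

        String username = nameCallback.getName();
        String password = "";
        // getPassword() returns a fresh copy on every call, so read it once
        // and wipe that copy as soon as it has been converted.
        char[] passwordChars = passwordCallback.getPassword();
        if (passwordChars != null) {
            password = String.valueOf(passwordChars);
            java.util.Arrays.fill(passwordChars, '\0');
        }
        // Wipe the callback's own buffer as well. The String handed to the
        // token below is immutable and stays in memory until it is
        // garbage-collected.
        passwordCallback.clearPassword();

        UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
                username, password);

        try {
            Authentication authentication = authenticationManager
                    .authenticate(credentials);
            registerAuthentication(authentication);
            return super.login();
        } catch (BadCredentialsException bce) {
            throw bce;
        } catch (Exception e) {
            // NOTE(review): every other failure (including a LoginException
            // from the parent module) is reported as "Bad credentials"; the
            // real reason is only available through getCause().
            LoginException loginException = new LoginException(
                    "Bad credentials");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Logs out by delegating to the parent module.
     *
     * @return the result of {@link SecurityContextLoginModule#logout()}
     * @throws LoginException
     *             if the parent module fails to log out
     */
    @Override
    public boolean logout() throws LoginException {
        return super.logout();
    }

    /**
     * Register an {@link Authentication} in the security context.
     *
     * @param authentication
     *            has to implement {@link Authentication}.
     * @throws ClassCastException
     *             if {@code authentication} is not an {@link Authentication}
     */
    protected void registerAuthentication(Object authentication) {
        SecurityContextHolder.getContext().setAuthentication(
                (Authentication) authentication);
    }

    /**
     * Sets the manager used to verify the credentials collected in
     * {@link #login()}.
     *
     * @param authenticationManager
     *            the authentication manager to use
     */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

}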