2 * Copyright (C) 2007-2012 Mathieu Baudier
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.equinox
;
19 import java
.util
.UUID
;
21 import javax
.security
.auth
.Subject
;
22 import javax
.security
.auth
.callback
.Callback
;
23 import javax
.security
.auth
.callback
.CallbackHandler
;
24 import javax
.security
.auth
.callback
.NameCallback
;
25 import javax
.security
.auth
.callback
.PasswordCallback
;
26 import javax
.security
.auth
.login
.LoginException
;
28 import org
.apache
.commons
.logging
.Log
;
29 import org
.apache
.commons
.logging
.LogFactory
;
30 import org
.argeo
.security
.NodeAuthenticationToken
;
31 import org
.springframework
.security
.Authentication
;
32 import org
.springframework
.security
.AuthenticationManager
;
33 import org
.springframework
.security
.BadCredentialsException
;
34 import org
.springframework
.security
.GrantedAuthority
;
35 import org
.springframework
.security
.GrantedAuthorityImpl
;
36 import org
.springframework
.security
.context
.SecurityContextHolder
;
37 import org
.springframework
.security
.providers
.anonymous
.AnonymousAuthenticationToken
;
38 import org
.springframework
.security
.providers
.jaas
.SecurityContextLoginModule
;
40 /** Login module which caches one subject per thread. */
41 public class SpringLoginModule
extends SecurityContextLoginModule
{
42 final static String NODE_REPO_URI
= "argeo.node.repo.uri";
44 private final static Log log
= LogFactory
.getLog(SpringLoginModule
.class);
46 private AuthenticationManager authenticationManager
;
48 private CallbackHandler callbackHandler
;
50 private Subject subject
;
52 private Long waitBetweenFailedLoginAttempts
= 5 * 1000l;
54 private Boolean remote
= false;
55 private Boolean anonymous
= false;
57 private String key
= null;
58 private String anonymousRole
= "ROLE_ANONYMOUS";
60 public SpringLoginModule() {
64 @SuppressWarnings("rawtypes")
65 public void initialize(Subject subject
, CallbackHandler callbackHandler
,
66 Map sharedState
, Map options
) {
67 super.initialize(subject
, callbackHandler
, sharedState
, options
);
68 this.callbackHandler
= callbackHandler
;
69 this.subject
= subject
;
72 public boolean login() throws LoginException
{
74 // thread already logged in
75 if (SecurityContextHolder
.getContext().getAuthentication() != null)
78 if (remote
&& anonymous
)
79 throw new LoginException(
80 "Cannot have a Spring login module which is remote and anonymous");
82 // reset all principals and credentials
83 if (log
.isTraceEnabled())
84 log
.trace("Resetting all principals and credentials of "
86 if (subject
.getPrincipals() != null)
87 subject
.getPrincipals().clear();
88 if (subject
.getPrivateCredentials() != null)
89 subject
.getPrivateCredentials().clear();
90 if (subject
.getPublicCredentials() != null)
91 subject
.getPublicCredentials().clear();
93 // deals first with public access since it's simple
95 // TODO integrate with JCR?
96 Object principal
= UUID
.randomUUID().toString();
97 GrantedAuthority
[] authorities
= { new GrantedAuthorityImpl(
99 AnonymousAuthenticationToken anonymousToken
= new AnonymousAuthenticationToken(
100 key
, principal
, authorities
);
101 Authentication auth
= authenticationManager
102 .authenticate(anonymousToken
);
103 registerAuthentication(auth
);
104 return super.login();
107 if (callbackHandler
== null)
108 throw new LoginException("No call back handler available");
110 // ask for username and password
111 NameCallback nameCallback
= new NameCallback("User");
112 PasswordCallback passwordCallback
= new PasswordCallback(
114 final String defaultNodeUrl
= "http://localhost:7070/org.argeo.jcr.webapp/remoting/node";
115 final String defaultSecurityWorkspace
= "security";
116 NameCallback urlCallback
= new NameCallback("Site URL",
118 NameCallback securityWorkspaceCallback
= new NameCallback(
119 "Security Workspace", defaultSecurityWorkspace
);
123 callbackHandler
.handle(new Callback
[] { nameCallback
,
124 passwordCallback
, urlCallback
,
125 securityWorkspaceCallback
});
127 callbackHandler
.handle(new Callback
[] { nameCallback
,
130 // create credentials
131 String username
= nameCallback
.getName();
132 if (username
== null || username
.trim().equals(""))
135 String password
= "";
136 if (passwordCallback
.getPassword() != null)
137 password
= String
.valueOf(passwordCallback
.getPassword());
139 NodeAuthenticationToken credentials
;
141 String url
= urlCallback
.getName();
142 String workspace
= securityWorkspaceCallback
.getName();
143 credentials
= new NodeAuthenticationToken(username
, password
,
146 credentials
= new NodeAuthenticationToken(username
, password
);
149 Authentication authentication
;
151 authentication
= authenticationManager
152 .authenticate(credentials
);
153 } catch (BadCredentialsException e
) {
154 // wait between failed login attempts
155 Thread
.sleep(waitBetweenFailedLoginAttempts
);
158 registerAuthentication(authentication
);
159 boolean res
= super.login();
161 } catch (LoginException e
) {
163 } catch (ThreadDeath e
) {
164 LoginException le
= new LoginException(
165 "Spring Security login thread died");
168 } catch (Exception e
) {
169 LoginException le
= new LoginException(
170 "Spring Security login failed");
177 public boolean logout() throws LoginException
{
178 subject
.getPrincipals().clear();
179 return super.logout();
183 * Register an {@link Authentication} in the security context.
185 * @param authentication
186 * has to implement {@link Authentication}.
188 protected void registerAuthentication(Object authentication
) {
189 SecurityContextHolder
.getContext().setAuthentication(
190 (Authentication
) authentication
);
193 public void setAuthenticationManager(
194 AuthenticationManager authenticationManager
) {
195 this.authenticationManager
= authenticationManager
;
198 /** Authenticates on a remote node */
199 public void setRemote(Boolean remote
) {
200 this.remote
= remote
;
204 * Request anonymous authentication (incompatible with remote)
206 public void setAnonymous(Boolean anonymous
) {
207 this.anonymous
= anonymous
;
210 /** Role identifying an anonymous user */
211 public void setAnonymousRole(String anonymousRole
) {
212 this.anonymousRole
= anonymousRole
;
216 public void setKey(String key
) {