1 package org
.argeo
.security
.equinox
;
5 import javax
.security
.auth
.Subject
;
6 import javax
.security
.auth
.callback
.Callback
;
7 import javax
.security
.auth
.callback
.CallbackHandler
;
8 import javax
.security
.auth
.callback
.NameCallback
;
9 import javax
.security
.auth
.callback
.PasswordCallback
;
10 import javax
.security
.auth
.callback
.TextOutputCallback
;
11 import javax
.security
.auth
.login
.LoginException
;
13 import org
.apache
.commons
.logging
.Log
;
14 import org
.apache
.commons
.logging
.LogFactory
;
15 import org
.argeo
.security
.SiteAuthenticationToken
;
16 import org
.springframework
.security
.Authentication
;
17 import org
.springframework
.security
.AuthenticationManager
;
18 import org
.springframework
.security
.BadCredentialsException
;
19 import org
.springframework
.security
.context
.SecurityContextHolder
;
20 import org
.springframework
.security
.providers
.jaas
.SecurityContextLoginModule
;
22 /** Login module which caches one subject per thread. */
23 public class SpringLoginModule
extends SecurityContextLoginModule
{
24 private final static Log log
= LogFactory
.getLog(SpringLoginModule
.class);
26 private AuthenticationManager authenticationManager
;
28 private CallbackHandler callbackHandler
;
30 private Subject subject
;
32 private Long waitBetweenFailedLoginAttempts
= 5*1000l;
34 public SpringLoginModule() {
38 @SuppressWarnings("rawtypes")
39 public void initialize(Subject subject
, CallbackHandler callbackHandler
,
40 Map sharedState
, Map options
) {
41 super.initialize(subject
, callbackHandler
, sharedState
, options
);
42 this.callbackHandler
= callbackHandler
;
43 this.subject
= subject
;
46 public boolean login() throws LoginException
{
48 // thread already logged in
49 if (SecurityContextHolder
.getContext().getAuthentication() != null)
52 // reset all principals and credentials
53 if (log
.isTraceEnabled())
54 log
.trace("Resetting all principals and credentials of "
56 if (subject
.getPrincipals() != null)
57 subject
.getPrincipals().clear();
58 if (subject
.getPrivateCredentials() != null)
59 subject
.getPrivateCredentials().clear();
60 if (subject
.getPublicCredentials() != null)
61 subject
.getPublicCredentials().clear();
63 // ask for username and password
64 Callback label
= new TextOutputCallback(
65 TextOutputCallback
.INFORMATION
, "Required login");
66 NameCallback nameCallback
= new NameCallback("User");
67 PasswordCallback passwordCallback
= new PasswordCallback(
70 // NameCallback urlCallback = new NameCallback("Site URL");
72 if (callbackHandler
== null)
73 throw new LoginException("No call back handler available");
74 callbackHandler
.handle(new Callback
[] { label
, nameCallback
,
77 // Set user name and password
78 String username
= nameCallback
.getName();
79 if (username
== null || username
.trim().equals(""))
83 if (passwordCallback
.getPassword() != null)
84 password
= String
.valueOf(passwordCallback
.getPassword());
86 // String url = urlCallback.getName();
87 // TODO: set it via system properties
88 String workspace
= null;
90 SiteAuthenticationToken credentials
= new SiteAuthenticationToken(
91 username
, password
, null, workspace
);
93 Authentication authentication
;
95 authentication
= authenticationManager
96 .authenticate(credentials
);
97 } catch (BadCredentialsException e
) {
98 // wait between failed login attempts
99 Thread
.sleep(waitBetweenFailedLoginAttempts
);
102 registerAuthentication(authentication
);
103 boolean res
= super.login();
105 } catch (LoginException e
) {
107 } catch (ThreadDeath e
) {
108 LoginException le
= new LoginException(
109 "Spring Security login thread died");
112 } catch (Exception e
) {
113 LoginException le
= new LoginException(
114 "Spring Security login failed");
121 public boolean logout() throws LoginException
{
122 subject
.getPrincipals().clear();
123 return super.logout();
127 * Register an {@link Authentication} in the security context.
129 * @param authentication
130 * has to implement {@link Authentication}.
132 protected void registerAuthentication(Object authentication
) {
133 SecurityContextHolder
.getContext().setAuthentication(
134 (Authentication
) authentication
);
137 public void setAuthenticationManager(
138 AuthenticationManager authenticationManager
) {
139 this.authenticationManager
= authenticationManager
;