1 package org.argeo.security.equinox;
2
3 import java.util.Map;
4 import java.util.Set;
5
6 import javax.security.auth.Subject;
7 import javax.security.auth.callback.Callback;
8 import javax.security.auth.callback.CallbackHandler;
9 import javax.security.auth.callback.NameCallback;
10 import javax.security.auth.callback.PasswordCallback;
11 import javax.security.auth.callback.TextOutputCallback;
12 import javax.security.auth.login.LoginException;
13
14 import org.apache.commons.logging.Log;
15 import org.apache.commons.logging.LogFactory;
16 import org.argeo.security.SiteAuthenticationToken;
17 import org.springframework.security.Authentication;
18 import org.springframework.security.AuthenticationManager;
19 import org.springframework.security.BadCredentialsException;
20 import org.springframework.security.context.SecurityContextHolder;
21 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
22
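/**
 * JAAS login module that authenticates against a Spring Security
 * {@link AuthenticationManager}.
 * <p>
 * {@link #login()} first reuses an {@link Authentication} already attached to
 * the {@link Subject} or already present in the current
 * {@link SecurityContextHolder} context (thread-bound under Spring Security's
 * default holder strategy). Only when neither exists does it prompt for user
 * name, password and site URL through the {@link CallbackHandler}.
 */
public class SpringLoginModule extends SecurityContextLoginModule {
    // Currently unused within this class; kept for debugging.
    private final static Log log = LogFactory.getLog(SpringLoginModule.class);

    private AuthenticationManager authenticationManager;

    private CallbackHandler callbackHandler;

    private Subject subject;

    public SpringLoginModule() {
    }

    /**
     * Initializes the parent module and keeps references to the subject and
     * the callback handler, which {@link #login()} needs.
     */
    @Override
    @SuppressWarnings("rawtypes")
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.callbackHandler = callbackHandler;
        this.subject = subject;
    }

    /**
     * Logs in, prompting for credentials only if no {@link Authentication} is
     * already available.
     *
     * @return the result of {@code super.login()}
     * @throws LoginException
     *             if no callback handler or authentication manager is
     *             available, if callback handling fails, or if
     *             authentication fails for any reason other than a
     *             {@link BadCredentialsException}
     * @throws BadCredentialsException
     *             rethrown unchanged from the authentication manager
     */
    @Override
    public boolean login() throws LoginException {
        // Reuse an Authentication already attached to the Subject, if any.
        // NOTE(review): the principal is installed as-is; isAuthenticated()
        // is not checked here - confirm that whatever populates the Subject
        // only adds authenticated tokens.
        Set<Authentication> auths = subject.getPrincipals(Authentication.class);
        if (!auths.isEmpty()) {
            SecurityContextHolder.getContext().setAuthentication(
                    auths.iterator().next());
        }

        // Context already carries an Authentication: no prompt.
        // NOTE(review): on pooled or reused threads this relies on the
        // context being cleared after each unit of work, otherwise a stale
        // Authentication would be accepted without credentials - confirm.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            return super.login();
        }

        if (callbackHandler == null) {
            throw new LoginException("No call back handler available");
        }
        // Fail explicitly on a configuration error instead of letting the
        // resulting NullPointerException be reported as "Bad credentials".
        if (authenticationManager == null) {
            throw new LoginException("No authentication manager available");
        }

        // Ask for user name, password and site URL.
        Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
                "Required login");
        NameCallback nameCallback = new NameCallback("User");
        // echoOn=false: the handler is asked not to display the password.
        PasswordCallback passwordCallback = new PasswordCallback("Password",
                false);
        NameCallback urlCallback = new NameCallback("Site URL");

        try {
            callbackHandler.handle(new Callback[] { label, nameCallback,
                    passwordCallback, urlCallback });
        } catch (Exception e) {
            LoginException le = new LoginException("Callback handling failed");
            le.initCause(e);
            throw le;
        }

        String username = nameCallback.getName();

        // getPassword() returns a copy: fetch it once, wipe the callback's
        // internal buffer, then wipe the copy once it has been converted.
        // The String itself cannot be wiped; it is needed because the token
        // is built from a String below.
        String password = "";
        char[] passwordChars = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        if (passwordChars != null) {
            password = String.valueOf(passwordChars);
            java.util.Arrays.fill(passwordChars, '\0');
        }
        // NOTE(review): a missing password is sent as "" - make sure the
        // configured authentication providers reject empty passwords (some
        // directory backends treat them as anonymous binds).

        // NOTE(review): the site URL is passed on exactly as entered; any
        // validation has to happen behind the AuthenticationManager - confirm.
        String url = urlCallback.getName();
        // TODO: set it via system properties
        String workspace = null;

        SiteAuthenticationToken credentials = new SiteAuthenticationToken(
                username, password, url, workspace);

        try {
            Authentication authentication = authenticationManager
                    .authenticate(credentials);
            registerAuthentication(authentication);
            return super.login();
        } catch (BadCredentialsException bce) {
            // Rethrown unchanged so callers see the Spring Security type.
            throw bce;
        } catch (Exception e) {
            // Every other failure is reported under the same generic
            // message; the real cause stays attached for diagnostics.
            LoginException loginException = new LoginException(
                    "Bad credentials");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /** Delegates to the parent module's logout. */
    @Override
    public boolean logout() throws LoginException {
        return super.logout();
    }

    /**
     * Register an {@link Authentication} in the security context.
     *
     * @param authentication
     *            has to implement {@link Authentication}.
     * @throws ClassCastException
     *             if the argument is not an {@link Authentication}
     */
    protected void registerAuthentication(Object authentication) {
        SecurityContextHolder.getContext().setAuthentication(
                (Authentication) authentication);
    }

    /** Sets the manager used by {@link #login()} to check credentials. */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
}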