package org.argeo.security.equinox;
import java.util.Map;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.security.SiteAuthenticationToken;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.jaas.SecurityContextLoginModule;
/** Login module which caches one subject per thread. */
public class SpringLoginModule extends SecurityContextLoginModule {
+ private final static Log log = LogFactory.getLog(SpringLoginModule.class);
+
private AuthenticationManager authenticationManager;
private CallbackHandler callbackHandler;
+ private Subject subject;
+
public SpringLoginModule() {
}
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
super.initialize(subject, callbackHandler, sharedState, options);
- // this.subject.set(subject);
this.callbackHandler = callbackHandler;
+ this.subject = subject;
}
public boolean login() throws LoginException {
+ // try to retrieve Authentication from Subject
+ Set<Authentication> auths = subject.getPrincipals(Authentication.class);
+ if (auths.size() > 0)
+ SecurityContextHolder.getContext().setAuthentication(
+ auths.iterator().next());
+
// thread already logged in
if (SecurityContextHolder.getContext().getAuthentication() != null)
return super.login();
- // if (getSubject().getPrincipals(Authentication.class).size() == 1) {
- // registerAuthentication(getSubject()
- // .getPrincipals(Authentication.class).iterator().next());
- // return super.login();
- // } else if (getSubject().getPrincipals(Authentication.class).size() >
- // 1) {
- // throw new LoginException(
- // "Multiple Authentication principals not supported: "
- // + getSubject().getPrincipals(Authentication.class));
- // } else {
+ // reset all principals and credentials
+ if (log.isTraceEnabled())
+ log.trace("Resetting all principals and credentials of " + subject);
+ if (subject.getPrincipals() != null)
+ subject.getPrincipals().clear();
+ if (subject.getPrivateCredentials() != null)
+ subject.getPrivateCredentials().clear();
+ if (subject.getPublicCredentials() != null)
+ subject.getPublicCredentials().clear();
+
// ask for username and password
Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
"Required login");
NameCallback nameCallback = new NameCallback("User");
PasswordCallback passwordCallback = new PasswordCallback("Password",
false);
+ NameCallback urlCallback = new NameCallback("Site URL");
if (callbackHandler == null) {
throw new LoginException("No call back handler available");
}
try {
callbackHandler.handle(new Callback[] { label, nameCallback,
- passwordCallback });
+ passwordCallback, urlCallback });
} catch (Exception e) {
LoginException le = new LoginException("Callback handling failed");
le.initCause(e);
if (passwordCallback.getPassword() != null) {
password = String.valueOf(passwordCallback.getPassword());
}
- UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
- username, password);
+ String url = urlCallback.getName();
+ // TODO: set it via system properties
+ String workspace = null;
+
+ // UsernamePasswordAuthenticationToken credentials = new
+ // UsernamePasswordAuthenticationToken(
+ // username, password);
+ SiteAuthenticationToken credentials = new SiteAuthenticationToken(
+ username, password, url, workspace);
try {
Authentication authentication = authenticationManager
.authenticate(credentials);
registerAuthentication(authentication);
boolean res = super.login();
- // if (log.isDebugEnabled())
- // log.debug("User " + username + " logged in");
return res;
} catch (BadCredentialsException bce) {
throw bce;
@Override
public boolean logout() throws LoginException {
+ // if (log.isDebugEnabled())
+ // log.debug("logout subject=" + subject);
return super.logout();
}
AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
-
- // protected Subject getSubject() {
- // return subject.get();
- // }
-
}