Working ident client authentication

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / IdentLoginModule.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/IdentLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/IdentLoginModule.java
new file mode 100644 (file)
index 0000000..b4c49b2
--- /dev/null
+++ b/org.argeo.cms/src/org/argeo/cms/auth/IdentLoginModule.java
@@ -0,0 +1,84 @@
+package org.argeo.cms.auth;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.ident.IdentClient;
+
+public class IdentLoginModule implements LoginModule {
+       private final static Log log = LogFactory.getLog(IdentLoginModule.class);
+
+       private Subject subject = null;
+       private CallbackHandler callbackHandler = null;
+       private Map<String, Object> sharedState = null;
+
+       @Override
+       public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+                       Map<String, ?> options) {
+               this.subject = subject;
+               this.callbackHandler = callbackHandler;
+               this.sharedState = (Map<String, Object>) sharedState;
+       }
+
+       @Override
+       public boolean login() throws LoginException {
+               if (callbackHandler == null)
+                       return false;
+               HttpRequestCallback httpCallback = new HttpRequestCallback();
+               try {
+                       callbackHandler.handle(new Callback[] { httpCallback });
+               } catch (IOException e) {
+                       throw new LoginException("Cannot handle http callback: " + e.getMessage());
+               } catch (UnsupportedCallbackException e) {
+                       return false;
+               }
+               HttpServletRequest request = httpCallback.getRequest();
+               IdentClient identClient = Activator.getIdentClient(request.getRemoteAddr());
+               if (identClient == null)
+                       return false;
+               String identUsername;
+               try {
+                       identUsername = identClient.getUsername(request.getLocalPort(), request.getRemotePort());
+               } catch (Exception e) {
+                       e.printStackTrace();
+                       return false;
+               }
+               if (identUsername != null) {
+                       if (log.isDebugEnabled())
+                               log.debug("Ident username: " + identUsername);
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, identUsername);
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_REMOTE_ADDR, request.getRemoteAddr());
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_REMOTE_PORT, request.getRemotePort());
+                       return true;
+               } else {
+                       return false;
+               }
+       }
+
+       @Override
+       public boolean commit() throws LoginException {
+               return true;
+       }
+
+       @Override
+       public boolean abort() throws LoginException {
+               return true;
+       }
+
+       @Override
+       public boolean logout() throws LoginException {
+               return true;
+       }
+
+}