Massive Argeo APIs refactoring
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SpnegoLoginModule.java
index ef2872e38c52fa452318d50dd4fc8f010c525bcd..c94480cb54de824d0ec2d9f31bdaf3f5cae993f7 100644 (file)
@@ -8,8 +8,7 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.kernel.Activator;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
@@ -17,8 +16,9 @@ import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
 
+/** SPNEGO login */
 public class SpnegoLoginModule implements LoginModule {
-       private final static Log log = LogFactory.getLog(SpnegoLoginModule.class);
+       private final static CmsLog log = CmsLog.getLog(SpnegoLoginModule.class);
 
        private Subject subject;
        private Map<String, Object> sharedState = null;
@@ -41,22 +41,20 @@ public class SpnegoLoginModule implements LoginModule {
                gssContext = checkToken(spnegoToken);
                if (gssContext == null)
                        return false;
-               try {
-                       String clientName = gssContext.getSrcName().toString();
-                       String role = clientName.substring(clientName.indexOf('@') + 1);
-
-                       log.debug("SpnegoUserRealm: established a security context");
-                       log.debug("Client Principal is: " + gssContext.getSrcName());
-                       log.debug("Server Principal is: " + gssContext.getTargName());
-                       log.debug("Client Default Role: " + role);
-               } catch (GSSException e) {
-                       // TODO Auto-generated catch block
-                       e.printStackTrace();
-               }
-
-               // TODO log in
-
-               return false;
+               else
+                       return true;
+               // try {
+               // String clientName = gssContext.getSrcName().toString();
+               // String role = clientName.substring(clientName.indexOf('@') + 1);
+               //
+               // log.debug("SpnegoUserRealm: established a security context");
+               // log.debug("Client Principal is: " + gssContext.getSrcName());
+               // log.debug("Server Principal is: " + gssContext.getTargName());
+               // log.debug("Client Default Role: " + role);
+               // } catch (GSSException e) {
+               // // TODO Auto-generated catch block
+               // e.printStackTrace();
+               // }
        }
 
        @Override
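Review bot: The `else return true;` branch together with the commented-out block below it leaves login() carrying dead code; the two-way branch collapses to `return gssContext != null;` and the commented lines (the old realm/role parsing and debug logging) belong in history, not in the file. If the intent is to keep a record that client and server principals used to be logged, a one-line comment such as `// Principal names are available via gssContext.getSrcName()/getTargName() once the context is established` says that without shipping a block of `//`-prefixed Java. Note that login() begins before this hunk, so its opening (the spnegoToken lookup and the null checks ahead of checkToken) is not visible here.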
@@ -67,29 +65,47 @@ public class SpnegoLoginModule implements LoginModule {
                try {
                        Class<?> gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
                        Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
-                       Subject gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
-                                       gssContext.getDelegCred());
+                       Subject gssSubject;
+                       if (gssContext.getCredDelegState())
+                               gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
+                                               gssContext.getDelegCred());
+                       else
+                               gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null);
                        subject.getPrincipals().addAll(gssSubject.getPrincipals());
                        subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials());
                        return true;
                } catch (Exception e) {
-                       // TODO Auto-generated catch block
-                       e.printStackTrace();
-                       return false;
+                       throw new LoginException("Cannot commit SPNEGO " + e);
                }
 
        }
 
        @Override
        public boolean abort() throws LoginException {
-               // TODO Auto-generated method stub
-               return false;
+               if (gssContext != null) {
+                       try {
+                               gssContext.dispose();
+                       } catch (GSSException e) {
+                               if (log.isTraceEnabled())
+                                       log.warn("Could not abort", e);
+                       }
+                       gssContext = null;
+               }
+               return true;
        }
 
        @Override
        public boolean logout() throws LoginException {
-               // TODO Auto-generated method stub
-               return false;
+               if (gssContext != null) {
+                       try {
+                               gssContext.dispose();
+                       } catch (GSSException e) {
+                               if (log.isTraceEnabled())
+                                       log.warn("Could not abort", e);
+                       }
+                       gssContext = null;
+               }
+               return true;
        }
 
        private GSSContext checkToken(byte[] authToken) {
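Review bot: logout() at the bottom of this hunk only disposes the GSS context; the principals and private credentials that commit() copied into `subject` from `gssSubject` stay on the Subject after logout, so from the container's point of view the Subject remains authenticated — the usual shape is to remember what commit() added and remove it in logout(), and in abort() when commit() has already run. abort() and logout() also duplicate the dispose block, and wrapping `log.warn("Could not abort", e)` in `if (log.isTraceEnabled())` means the warning is suppressed unless trace logging is on, while logout() reuses the "Could not abort" wording. In commit(), `throw new LoginException("Cannot commit SPNEGO " + e)` discards the stack trace; LoginException has no cause parameter, so attach it with `initCause(e)`, and since the reflective `invoke` wraps failures in InvocationTargetException, the real error sits one level deeper in the cause chain. The excerpt below folds the dispose logic into one helper and keeps the cause; it does not add the principal bookkeeping, which needs a field declared outside this hunk.
```java
// … unchanged: commit() body up to the catch …
		} catch (Exception e) {
			LoginException le = new LoginException("Cannot commit SPNEGO " + e);
			le.initCause(e); // keep the underlying failure (InvocationTargetException wraps it)
			throw le;
		}

	}

	@Override
	public boolean abort() throws LoginException {
		disposeContext("Could not abort");
		return true;
	}

	@Override
	public boolean logout() throws LoginException {
		// NOTE(review): principals/credentials added by commit() should also be removed from subject here
		disposeContext("Could not logout");
		return true;
	}

	/** Releases the GSS context, if any; a dispose failure is logged, not propagated. */
	private void disposeContext(String failureMessage) {
		if (gssContext == null)
			return;
		try {
			gssContext.dispose();
		} catch (GSSException e) {
			log.warn(failureMessage, e);
		}
		gssContext = null;
	}
```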
@@ -115,4 +131,8 @@ public class SpnegoLoginModule implements LoginModule {
                return null;
 
        }
+
+       public static boolean hasAcceptorCredentials() {
+               return Activator.getAcceptorCredentials() != null;
+       }
 }
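Review bot: `hasAcceptorCredentials()` is new public static API on the login module and has no Javadoc, so callers cannot tell what "acceptor credentials" refers to without reading Activator. A one-line doc grounded in the body would do: `/** Whether the {@link Activator} currently holds acceptor (server-side) credentials. */`. If the method is meant as a guard for whether SPNEGO login should be attempted at all, saying so in the Javadoc would help, but that intent is not visible from this hunk.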