--- /dev/null
+package org.argeo.cms.integration;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.argeo.cms.auth.CmsSessionId;
+import org.argeo.cms.auth.HttpRequestCallback;
+import org.argeo.cms.auth.HttpRequestCallbackHandler;
+import org.argeo.node.NodeConstants;
+import org.osgi.service.useradmin.Authorization;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.stream.JsonWriter;
+
+/** Externally authenticate an http session. */
+public class CmsLoginServlet extends HttpServlet {
+ private static final long serialVersionUID = 2478080654328751539L;
+ private Gson gson = new GsonBuilder().setPrettyPrinting().create();
+
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doPost(request, response);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ LoginContext lc = null;
+ String username = request.getParameter("username");
+ String password = request.getParameter("password");
+ if (username != null && password != null) {
+ try {
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
+ new HttpRequestCallbackHandler(request, response) {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback && username != null)
+ ((NameCallback) callback).setName(username);
+ else if (callback instanceof PasswordCallback && password != null)
+ ((PasswordCallback) callback).setPassword(password.toCharArray());
+ else if (callback instanceof HttpRequestCallback) {
+ ((HttpRequestCallback) callback).setRequest(request);
+ ((HttpRequestCallback) callback).setResponse(response);
+ }
+ }
+ }
+ });
+ lc.login();
+
+ CmsSessionId cmsSessionId = (CmsSessionId) lc.getSubject().getPrivateCredentials(CmsSessionId.class)
+ .toArray()[0];
+ Authorization authorization = (Authorization) lc.getSubject().getPrivateCredentials(Authorization.class)
+ .toArray()[0];
+
+ JsonWriter jsonWriter = gson.newJsonWriter(response.getWriter());
+ jsonWriter.beginObject();
+ // Authorization
+ jsonWriter.name("username").value(authorization.getName());
+ jsonWriter.name("displayName").value(authorization.toString());
+ // Roles
+ jsonWriter.name("roles").beginArray();
+ for (String role : authorization.getRoles())
+ if (!role.equals(authorization.getName()))
+ jsonWriter.value(role);
+ jsonWriter.endArray();
+ // CMS session
+ jsonWriter.name("cmsSession").beginObject();
+ jsonWriter.name("uuid").value(cmsSessionId.getUuid().toString());
+ jsonWriter.endObject();
+
+ jsonWriter.endObject();
+
+ String redirectTo = redirectTo(request);
+ if (redirectTo != null)
+ response.sendRedirect(redirectTo);
+ } catch (LoginException e) {
+ response.setStatus(403);
+ return;
+ }
+ } else {
+ response.setStatus(403);
+ return;
+ }
+ }
+
+ /** Does nothing by default. */
+ protected void loginSucceeded(LoginContext lc, HttpServletRequest request, HttpServletResponse response) {
+
+ }
+
+ /** Send HTTP code 403 by default. */
+ protected void loginFailed(LoginContext lc, HttpServletRequest request, HttpServletResponse response) {
+
+ }
+
+ protected String redirectTo(HttpServletRequest request) {
+ return null;
+ }
+}