]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Work on authentication
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / auth / UserAdminLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java
deleted file mode 100644 (file)
index 5fca43b..0000000
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java
+++ /dev/null
@@ -1,206 +0,0 @@
-package org.argeo.cms.internal.auth;
-
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.naming.InvalidNameException;
-import javax.naming.ldap.LdapName;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.login.CredentialNotFoundException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-import javax.security.auth.x500.X500Principal;
-
-import org.apache.jackrabbit.core.security.AnonymousPrincipal;
-import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.CmsException;
-import org.argeo.cms.KernelHeader;
-import org.argeo.cms.internal.kernel.Activator;
-import org.osgi.framework.BundleContext;
-import org.osgi.service.useradmin.Authorization;
-import org.osgi.service.useradmin.User;
-import org.osgi.service.useradmin.UserAdmin;
-
-public class UserAdminLoginModule implements LoginModule {
-       private Subject subject;
-       private CallbackHandler callbackHandler;
-       private boolean isAnonymous = false;
-
-       private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
-                       ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
-       private final static List<LdapName> RESERVED_ROLES;
-       private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
-       static {
-               try {
-                       ROLE_KERNEL_NAME = new LdapName(KernelHeader.ROLE_KERNEL);
-                       ROLE_ADMIN_NAME = new LdapName(KernelHeader.ROLE_ADMIN);
-                       ROLE_USER_NAME = new LdapName(KernelHeader.ROLE_USER);
-                       ROLE_ANONYMOUS_NAME = new LdapName(KernelHeader.ROLE_ANONYMOUS);
-                       RESERVED_ROLES = Collections.unmodifiableList(Arrays
-                                       .asList(new LdapName[] { ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
-                                                       ROLE_ANONYMOUS_NAME, ROLE_USER_NAME,
-                                                       new LdapName(KernelHeader.ROLE_GROUP_ADMIN),
-                                                       new LdapName(KernelHeader.ROLE_USER_ADMIN) }));
-                       ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(
-                                       ROLE_ANONYMOUS_NAME.toString());
-               } catch (InvalidNameException e) {
-                       throw new Error("Cannot initialize login module class", e);
-               }
-       }
-
-       private Authorization authorization;
-
-       @Override
-       public void initialize(Subject subject, CallbackHandler callbackHandler,
-                       Map<String, ?> sharedState, Map<String, ?> options) {
-               try {
-                       this.subject = subject;
-                       this.callbackHandler = callbackHandler;
-                       if (options.containsKey("anonymous"))
-                               isAnonymous = Boolean.parseBoolean(options.get("anonymous")
-                                               .toString());
-                       // String ldifFile = options.get("ldifFile").toString();
-                       // InputStream in = new URL(ldifFile).openStream();
-                       // userAdmin = new LdifUserAdmin(in);
-               } catch (Exception e) {
-                       throw new CmsException("Cannot initialize login module", e);
-               }
-       }
-
-       @Override
-       public boolean login() throws LoginException {
-               // TODO use a callback in order to get the bundle context
-               BundleContext bc = Activator.getBundleContext();
-               UserAdmin userAdmin = bc.getService(bc
-                               .getServiceReference(UserAdmin.class));
-               final User user;
-
-               if (!isAnonymous) {
-                       // ask for username and password
-                       NameCallback nameCallback = new NameCallback("User");
-                       PasswordCallback passwordCallback = new PasswordCallback(
-                                       "Password", false);
-                       // handle callbacks
-                       try {
-                               callbackHandler.handle(new Callback[] { nameCallback,
-                                               passwordCallback });
-                       } catch (Exception e) {
-                               throw new CmsException("Cannot handle callbacks", e);
-                       }
-
-                       // create credentials
-                       final String username = nameCallback.getName();
-                       if (username == null || username.trim().equals(""))
-                               throw new CredentialNotFoundException("No credentials provided");
-
-                       char[] password = {};
-                       if (passwordCallback.getPassword() != null)
-                               password = passwordCallback.getPassword();
-                       else
-                               throw new CredentialNotFoundException("No credentials provided");
-
-                       user = userAdmin.getUser(null, username);
-                       if (user == null)
-                               return false;
-                       if (!user.hasCredential(null, password))
-                               return false;
-               } else
-                       // anonymous
-                       user = null;
-               this.authorization = userAdmin.getAuthorization(user);
-               return true;
-       }
-
-       @Override
-       public boolean commit() throws LoginException {
-               if (authorization != null) {
-                       Set<Principal> principals = subject.getPrincipals();
-                       try {
-                               String authName = authorization.getName();
-
-                               // determine user's principal
-                               final LdapName name;
-                               final Principal userPrincipal;
-                               if (authName == null) {
-                                       name = ROLE_ANONYMOUS_NAME;
-                                       userPrincipal = ROLE_ANONYMOUS_PRINCIPAL;
-                                       principals.add(userPrincipal);
-                                       principals.add(new AnonymousPrincipal());
-                               } else {
-                                       name = new LdapName(authName);
-                                       checkUserName(name);
-                                       userPrincipal = new X500Principal(name.toString());
-                                       principals.add(userPrincipal);
-                                       principals.add(new ImpliedByPrincipal(ROLE_USER_NAME,
-                                                       userPrincipal));
-                               }
-
-                               // Add roles provided by authorization
-                               for (String role : authorization.getRoles()) {
-                                       LdapName roleName = new LdapName(role);
-                                       if (roleName.equals(name)) {
-                                               // skip
-                                       } else {
-                                               checkImpliedPrincipalName(roleName);
-                                               principals.add(new ImpliedByPrincipal(roleName
-                                                               .toString(), userPrincipal));
-                                               if (roleName.equals(ROLE_ADMIN_NAME))
-                                                       principals.add(new AdminPrincipal(
-                                                                       SecurityConstants.ADMIN_ID));
-                                       }
-                               }
-
-                               return true;
-                       } catch (InvalidNameException e) {
-                               throw new CmsException("Cannot commit", e);
-                       }
-               } else
-                       return false;
-       }
-
-       @Override
-       public boolean abort() throws LoginException {
-               cleanUp();
-               return true;
-       }
-
-       @Override
-       public boolean logout() throws LoginException {
-               // TODO better deal with successive logout
-               if (subject == null)
-                       return true;
-               // TODO make it less brutal
-               subject.getPrincipals().removeAll(
-                               subject.getPrincipals(X500Principal.class));
-               subject.getPrincipals().removeAll(
-                               subject.getPrincipals(ImpliedByPrincipal.class));
-               cleanUp();
-               return true;
-       }
-
-       private void cleanUp() {
-               subject = null;
-               authorization = null;
-       }
-
-       private void checkUserName(LdapName name) {
-               if (RESERVED_ROLES.contains(name))
-                       throw new CmsException(name + " is a reserved name");
-       }
-
-       private void checkImpliedPrincipalName(LdapName roleName) {
-               if (ROLE_USER_NAME.equals(roleName)
-                               || ROLE_ANONYMOUS_NAME.equals(roleName)
-                               || ROLE_KERNEL_NAME.equals(roleName))
-                       throw new CmsException(roleName + " cannot be listed as role");
-       }
-}
Argeo Commons - Lightweight integration framework in pure Java/OSGi