Improve packaging (esp. security)

[lgpl/argeo-commons.git] / security / eclipse / plugins / org.argeo.security.equinox / src / main / java / org / argeo / security / equinox / SpringLoginModule.java
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java

index 3f88a00d94aac235fa6e0f136c606a151a0eb187..2222faeccf35620734bfebf9d1a4cd6a15fcc020 100644 (file)
--- a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -10,19 +10,16 @@ import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.callback.TextOutputCallback;
  import javax.security.auth.login.LoginException;
  
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
  import org.springframework.security.Authentication;
  import org.springframework.security.AuthenticationManager;
+import org.springframework.security.BadCredentialsException;
  import org.springframework.security.context.SecurityContextHolder;
  import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
  import org.springframework.security.providers.jaas.SecurityContextLoginModule;
  
+/** Login module which caches one subject per thread. */
  public class SpringLoginModule extends SecurityContextLoginModule {
-       private final static Log log = LogFactory.getLog(SpringLoginModule.class);
-
         private AuthenticationManager authenticationManager;
-       private Subject subject;
  
         private CallbackHandler callbackHandler;
  
@@ -34,7 +31,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
         public void initialize(Subject subject, CallbackHandler callbackHandler,
                         Map sharedState, Map options) {
                 super.initialize(subject, callbackHandler, sharedState, options);
-               this.subject = subject;
+               // this.subject.set(subject);
                 this.callbackHandler = callbackHandler;
         }
  
@@ -43,64 +40,66 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                 if (SecurityContextHolder.getContext().getAuthentication() != null)
                         return super.login();
  
-               if (subject.getPrincipals(Authentication.class).size() == 1) {
-                       registerAuthentication(subject.getPrincipals(Authentication.class)
-                                       .iterator().next());
-                       return super.login();
-               } else if (subject.getPrincipals(Authentication.class).size() > 1) {
-                       throw new LoginException(
-                                       "Multiple Authentication principals not supported: "
-                                                       + subject.getPrincipals(Authentication.class));
-               } else {
-                       // ask for username and password
-                       Callback label = new TextOutputCallback(
-                                       TextOutputCallback.INFORMATION, "Required login");
-                       NameCallback nameCallback = new NameCallback("User");
-                       PasswordCallback passwordCallback = new PasswordCallback(
-                                       "Password", false);
-
-                       if (callbackHandler == null) {
-                               throw new LoginException("No call back handler available");
-                               // return false;
-                       }
-                       try {
-                               callbackHandler.handle(new Callback[] { label, nameCallback,
-                                               passwordCallback });
-                       } catch (Exception e) {
-                               LoginException le = new LoginException(
-                                               "Callback handling failed");
-                               le.initCause(e);
-                               throw le;
-                       }
-
-                       // Set user name and password
-                       String username = nameCallback.getName();
-                       String password = "";
-                       if (passwordCallback.getPassword() != null) {
-                               password = String.valueOf(passwordCallback.getPassword());
-                       }
-                       UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
-                                       username, password);
-
-                       try {
-                               Authentication authentication = authenticationManager
-                                               .authenticate(credentials);
-                               registerAuthentication(authentication);
-                               return super.login();
-                       } catch (Exception e) {
-                               LoginException loginException = new LoginException(
-                                               "Bad credentials");
-                               loginException.initCause(e);
-                               throw loginException;
-                       }
+               // if (getSubject().getPrincipals(Authentication.class).size() == 1) {
+               // registerAuthentication(getSubject()
+               // .getPrincipals(Authentication.class).iterator().next());
+               // return super.login();
+               // } else if (getSubject().getPrincipals(Authentication.class).size() >
+               // 1) {
+               // throw new LoginException(
+               // "Multiple Authentication principals not supported: "
+               // + getSubject().getPrincipals(Authentication.class));
+               // } else {
+               // ask for username and password
+               Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
+                               "Required login");
+               NameCallback nameCallback = new NameCallback("User");
+               PasswordCallback passwordCallback = new PasswordCallback("Password",
+                               false);
+
+               if (callbackHandler == null) {
+                       throw new LoginException("No call back handler available");
+                       // return false;
                 }
+               try {
+                       callbackHandler.handle(new Callback[] { label, nameCallback,
+                                       passwordCallback });
+               } catch (Exception e) {
+                       LoginException le = new LoginException("Callback handling failed");
+                       le.initCause(e);
+                       throw le;
+               }
+
+               // Set user name and password
+               String username = nameCallback.getName();
+               String password = "";
+               if (passwordCallback.getPassword() != null) {
+                       password = String.valueOf(passwordCallback.getPassword());
+               }
+               UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
+                               username, password);
+
+               try {
+                       Authentication authentication = authenticationManager
+                                       .authenticate(credentials);
+                       registerAuthentication(authentication);
+                       boolean res = super.login();
+                       // if (log.isDebugEnabled())
+                       // log.debug("User " + username + " logged in");
+                       return res;
+               } catch (BadCredentialsException bce) {
+                       throw bce;
+               } catch (Exception e) {
+                       LoginException loginException = new LoginException(
+                                       "Bad credentials");
+                       loginException.initCause(e);
+                       throw loginException;
+               }
+               // }
         }
  
         @Override
         public boolean logout() throws LoginException {
-               if (log.isDebugEnabled())
-                       log.debug("Log out "
-                                       + subject.getPrincipals().iterator().next().getName());
                 return super.logout();
         }
  
@@ -120,4 +119,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                 this.authenticationManager = authenticationManager;
         }
  
+       // protected Subject getSubject() {
+       // return subject.get();
+       // }
+
  }