Big cleanup of the security layers
[lgpl/argeo-commons.git] / security / plugins / org.argeo.security.equinox / src / main / java / org / argeo / security / equinox / SpringLoginModule.java
index 03f5f35ed960d2c8d529337f4c0f8cef7838cb2c..71ce5715bc937f5d6a4d310d913aa24af8c3da71 100644 (file)
@@ -11,7 +11,7 @@ import javax.security.auth.login.LoginException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.security.SiteAuthenticationToken;
+import org.argeo.security.NodeAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
@@ -20,6 +20,8 @@ import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
+       final static String NODE_REPO_URI = "argeo.node.repo.uri";
+
        private final static Log log = LogFactory.getLog(SpringLoginModule.class);
 
        private AuthenticationManager authenticationManager;
@@ -30,6 +32,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 
        private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
 
+       private Boolean remote = false;
+
        public SpringLoginModule() {
 
        }
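Review bot: The new `remote` field is a boxed `Boolean`, and the login code in the next hunk tests it with `if (remote)`. A configuration that passes null to `setRemote(Boolean)` (added in the last hunk) would therefore fail with a NullPointerException in the middle of authentication rather than when the module is wired. Declaring the field as `private boolean remote = false;` and the setter as `public void setRemote(boolean remote)` removes the null state. A short comment on the field, such as `/** When true, the login also prompts for the node URL and security workspace. */`, would tell whoever configures the module what the switch changes.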
@@ -59,19 +63,30 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        if (subject.getPublicCredentials() != null)
                                subject.getPublicCredentials().clear();
 
+                       if (callbackHandler == null)
+                               throw new LoginException("No call back handler available");
+
                        // ask for username and password
                        NameCallback nameCallback = new NameCallback("User");
                        PasswordCallback passwordCallback = new PasswordCallback(
                                        "Password", false);
-
-                       // NameCallback urlCallback = new NameCallback("Site URL");
-
-                       if (callbackHandler == null)
-                               throw new LoginException("No call back handler available");
-                       callbackHandler.handle(new Callback[] { nameCallback,
-                                       passwordCallback });
-
-                       // Set user name and password
+                       final String defaultNodeUrl = "http://localhost:7070/org.argeo.jcr.webapp/remoting/node";
+                       final String defaultSecurityWorkspace = "security";
+                       NameCallback urlCallback = new NameCallback("Site URL",
+                                       defaultNodeUrl);
+                       NameCallback securityWorkspaceCallback = new NameCallback(
+                                       "Security Workspace", defaultSecurityWorkspace);
+
+                       // handle callbacks
+                       if (remote)
+                               callbackHandler.handle(new Callback[] { nameCallback,
+                                               passwordCallback, urlCallback,
+                                               securityWorkspaceCallback });
+                       else
+                               callbackHandler.handle(new Callback[] { nameCallback,
+                                               passwordCallback });
+
+                       // create credentials
                        String username = nameCallback.getName();
                        if (username == null || username.trim().equals(""))
                                return false;
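Review bot: In remote mode the endpoint comes straight from `urlCallback`, and the hard-coded `defaultNodeUrl` is plain `http://`, so the username and password may be bound to an unencrypted or arbitrary destination. How `NodeAuthenticationToken` uses the URL is not visible here, but if the credentials are presented to that node, the scheme and host should be checked before the token is built. One option is to reject anything that is not `https://` unless the host is loopback, raising a `LoginException` that names the rejected URL. The default would also be better taken from configuration than from a literal in the method; the new `NODE_REPO_URI` constant looks intended for that but is not referenced in any visible hunk. The enclosing login method starts and ends outside this hunk.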
@@ -80,12 +95,15 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        if (passwordCallback.getPassword() != null)
                                password = String.valueOf(passwordCallback.getPassword());
 
-                       // String url = urlCallback.getName();
-                       // TODO: set it via system properties
-                       String workspace = null;
-
-                       SiteAuthenticationToken credentials = new SiteAuthenticationToken(
-                                       username, password, null, workspace);
+                       NodeAuthenticationToken credentials;
+                       if (remote) {
+                               String url = urlCallback.getName();
+                               String workspace = securityWorkspaceCallback.getName();
+                               credentials = new NodeAuthenticationToken(username, password,
+                                               url, workspace);
+                       } else {
+                               credentials = new NodeAuthenticationToken(username, password);
+                       }
 
                        Authentication authentication;
                        try {
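Review bot: `urlCallback.getName()` and `securityWorkspaceCallback.getName()` return only what the callback handler explicitly set. The defaults passed to the `NameCallback` constructors are exposed through `getDefaultName()`, so a handler that leaves those fields untouched yields a null `url` and `workspace` in the remote branch, and the defaults declared in the previous hunk are silently ignored. Falling back explicitly fixes this, for example `String url = urlCallback.getName() != null ? urlCallback.getName() : urlCallback.getDefaultName();`, and the same for the workspace. The context lines above also copy the password into an immutable `String`, and no `passwordCallback.clearPassword()` call is visible in this hunk; the method continues outside it, so confirm the callback buffer is cleared once the token is built.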
@@ -135,4 +153,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        AuthenticationManager authenticationManager) {
                this.authenticationManager = authenticationManager;
        }
+
+       public void setRemote(Boolean remote) {
+               this.remote = remote;
+       }
 }