Improve RAP security
[lgpl/argeo-commons.git] / security / plugins / org.argeo.security.equinox / src / main / java / org / argeo / security / equinox / SpringLoginModule.java
index 2222faeccf35620734bfebf9d1a4cd6a15fcc020..90e8b3decedae4932ed7b6d0ba9d20d05c3c313c 100644 (file)
@@ -1,6 +1,7 @@
 package org.argeo.security.equinox;
 
 import java.util.Map;
+import java.util.concurrent.Executor;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -10,16 +11,17 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
 
+import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
        private AuthenticationManager authenticationManager;
+       private Executor systemExecutor;
 
        private CallbackHandler callbackHandler;
 
@@ -56,6 +58,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                NameCallback nameCallback = new NameCallback("User");
                PasswordCallback passwordCallback = new PasswordCallback("Password",
                                false);
+               NameCallback urlCallback = new NameCallback("Site URL");
 
                if (callbackHandler == null) {
                        throw new LoginException("No call back handler available");
@@ -63,7 +66,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                }
                try {
                        callbackHandler.handle(new Callback[] { label, nameCallback,
-                                       passwordCallback });
+                                       passwordCallback, urlCallback });
                } catch (Exception e) {
                        LoginException le = new LoginException("Callback handling failed");
                        le.initCause(e);
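Review bot: The handler now receives two `NameCallback` instances that differ only by their prompt (`"User"` and `"Site URL"`, the latter created in the previous hunk), so a handler that dispatches on callback type alone would write the same value into both. A handler that does not expect a fourth entry may instead throw `UnsupportedCallbackException`, which lands in the generic "Callback handling failed" path. A dedicated callback type for the site URL would make the contract explicit; failing that, add a comment at the `handle` call such as `// handlers must tell the two NameCallbacks apart by getPrompt()`. The enclosing method starts and ends outside this hunk.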
@@ -76,10 +79,18 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                if (passwordCallback.getPassword() != null) {
                        password = String.valueOf(passwordCallback.getPassword());
                }
-               UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
-                               username, password);
+               String url = urlCallback.getName();
+               // TODO: set it via system properties
+               String workspace = null;
+
+               // UsernamePasswordAuthenticationToken credentials = new
+               // UsernamePasswordAuthenticationToken(
+               // username, password);
+               SiteAuthenticationToken credentials = new SiteAuthenticationToken(
+                               username, password, url, workspace);
 
                try {
+                       
                        Authentication authentication = authenticationManager
                                        .authenticate(credentials);
                        registerAuthentication(authentication);
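Review bot: `url` comes straight from `urlCallback.getName()` and goes into `SiteAuthenticationToken` with no null check or validation, alongside the clear-text password. How the token's URL is consumed is not visible here, but if an authentication provider connects to it, the value typed at the login prompt decides which host receives the credentials. Reject a null or unexpected value before building the token, for example `if (url == null || !isAllowedSite(url)) throw new LoginException("Site URL not allowed");`, where `isAllowedSite` is a helper still to be written that checks a configured list. The commented-out `UsernamePasswordAuthenticationToken` lines and the whitespace-only line after `try {` can be dropped. The enclosing method starts and ends outside this hunk.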
@@ -119,6 +130,10 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                this.authenticationManager = authenticationManager;
        }
 
+       public void setSystemExecutor(Executor systemExecutor) {
+               this.systemExecutor = systemExecutor;
+       }
+
        // protected Subject getSubject() {
        // return subject.get();
        // }
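Review bot: `systemExecutor` is stored by this setter and declared as a field in the second hunk, but nothing in the hunks shown reads it, so the login module gains an injected dependency with no visible use. If it is groundwork for a later change, state the intended use in a Javadoc comment on `setSystemExecutor`, including under which identity the executor is expected to run tasks. Otherwise leave the field and setter out until code needs them.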