+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.equinox;
import java.util.Map;
+import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.providers.jaas.SecurityContextLoginModule;
/** Login module which caches one subject per thread. */
private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
private Boolean remote = false;
+ private Boolean anonymous = false;
+
+ private String key = null;
+ private String anonymousRole = "ROLE_ANONYMOUS";
public SpringLoginModule() {
if (SecurityContextHolder.getContext().getAuthentication() != null)
return super.login();
+ if (remote && anonymous)
+ throw new LoginException(
+ "Cannot have a Spring login module which is remote and anonymous");
+
// reset all principals and credentials
if (log.isTraceEnabled())
log.trace("Resetting all principals and credentials of "
if (subject.getPublicCredentials() != null)
subject.getPublicCredentials().clear();
+ // deals first with public access since it's simple
+ if (anonymous) {
+ // TODO integrate with JCR?
+ Object principal = UUID.randomUUID().toString();
+ GrantedAuthority[] authorities = { new GrantedAuthorityImpl(
+ anonymousRole) };
+ AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken(
+ key, principal, authorities);
+ Authentication auth = authenticationManager
+ .authenticate(anonymousToken);
+ registerAuthentication(auth);
+ return super.login();
+ }
+
if (callbackHandler == null)
throw new LoginException("No call back handler available");
NameCallback nameCallback = new NameCallback("User");
PasswordCallback passwordCallback = new PasswordCallback(
"Password", false);
- final String defaultNodeUrl = "http://localhost:7070/org.argeo.jcr.webapp/remoting/node";
- final String defaultSecurityWorkspace = "security";
+ final String defaultNodeUrl = System.getProperty(NODE_REPO_URI,
+ "http://localhost:7070/org.argeo.jcr.webapp/remoting/node");
NameCallback urlCallback = new NameCallback("Site URL",
defaultNodeUrl);
- NameCallback securityWorkspaceCallback = new NameCallback(
- "Security Workspace", defaultSecurityWorkspace);
// handle callbacks
if (remote)
callbackHandler.handle(new Callback[] { nameCallback,
- passwordCallback, urlCallback,
- securityWorkspaceCallback });
+ passwordCallback, urlCallback });
else
callbackHandler.handle(new Callback[] { nameCallback,
passwordCallback });
NodeAuthenticationToken credentials;
if (remote) {
String url = urlCallback.getName();
- String workspace = securityWorkspaceCallback.getName();
credentials = new NodeAuthenticationToken(username, password,
- url, workspace);
+ url);
} else {
credentials = new NodeAuthenticationToken(username, password);
}
this.authenticationManager = authenticationManager;
}
+ /** Authenticates on a remote node */
public void setRemote(Boolean remote) {
this.remote = remote;
}
+
+ /**
+ * Request anonymous authentication (incompatible with remote)
+ */
+ public void setAnonymous(Boolean anonymous) {
+ this.anonymous = anonymous;
+ }
+
+ /** Role identifying an anonymous user */
+ public void setAnonymousRole(String anonymousRole) {
+ this.anonymousRole = anonymousRole;
+ }
+
+ /** System key */
+ public void setKey(String key) {
+ this.key = key;
+ }
+
}
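Review bot: The anonymous branch (L49–L60) builds an `AnonymousAuthenticationToken` from `key`, which defaults to `null` (L34) and is never validated, so a module configured with `anonymous=true` but no key fails inside `login()` with an unchecked exception rather than a `LoginException`; as far as I recall, the Spring Security 2.x token constructor rejects a null or empty key with `IllegalArgumentException`. A guard next to the existing remote/anonymous check would make the misconfiguration explicit: `if (anonymous && (key == null || key.length() == 0)) throw new LoginException("Anonymous login requires the anonymous provider key to be set");`. The key is also the shared secret the configured anonymous provider uses to accept the token, so a mismatch comes back from `authenticate()` at L56–L57 as a `BadCredentialsException`, which is an `AuthenticationException` rather than a `LoginException`; whether the surrounding code already wraps that for the credential path is not visible here. The enclosing `login()` method begins before the hunk and its remainder is elided.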