]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
Introduce OSAuthentication
index 2222faeccf35620734bfebf9d1a4cd6a15fcc020..c35416d9979c9fe246b9be4621a6bc233d714cff 100644 (file)
@@ -10,19 +10,24 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
-import org.springframework.security.BadCredentialsException;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
+       private final static Log log = LogFactory.getLog(SpringLoginModule.class);
+
        private AuthenticationManager authenticationManager;
 
        private CallbackHandler callbackHandler;
 
+       private Subject subject;
+
        public SpringLoginModule() {
 
        }
@@ -31,25 +36,32 @@ public class SpringLoginModule extends SecurityContextLoginModule {
        public void initialize(Subject subject, CallbackHandler callbackHandler,
                        Map sharedState, Map options) {
                super.initialize(subject, callbackHandler, sharedState, options);
-               // this.subject.set(subject);
                this.callbackHandler = callbackHandler;
+               this.subject = subject;
        }
 
        public boolean login() throws LoginException {
+               // try to retrieve Authentication from Subject
+               // Set<Authentication> auths =
+               // subject.getPrincipals(Authentication.class);
+               // if (auths.size() > 0)
+               // SecurityContextHolder.getContext().setAuthentication(
+               // auths.iterator().next());
+
                // thread already logged in
                if (SecurityContextHolder.getContext().getAuthentication() != null)
                        return super.login();
 
-               // if (getSubject().getPrincipals(Authentication.class).size() == 1) {
-               // registerAuthentication(getSubject()
-               // .getPrincipals(Authentication.class).iterator().next());
-               // return super.login();
-               // } else if (getSubject().getPrincipals(Authentication.class).size() >
-               // 1) {
-               // throw new LoginException(
-               // "Multiple Authentication principals not supported: "
-               // + getSubject().getPrincipals(Authentication.class));
-               // } else {
+               // reset all principals and credentials
+               if (log.isTraceEnabled())
+                       log.trace("Resetting all principals and credentials of " + subject);
+               if (subject.getPrincipals() != null)
+                       subject.getPrincipals().clear();
+               if (subject.getPrivateCredentials() != null)
+                       subject.getPrivateCredentials().clear();
+               if (subject.getPublicCredentials() != null)
+                       subject.getPublicCredentials().clear();
+
                // ask for username and password
                Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
                                "Required login");
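Review bot: The Subject is wiped in `login()` before the callback and `authenticationManager.authenticate(...)` have run, so a failed or aborted attempt still leaves it stripped of every principal and credential, including any contributed by other modules in the same JAAS configuration. JAAS modules normally leave the Subject untouched in `login()` and change it in `commit()`/`abort()`; moving the three `clear()` calls there, or after a successful authenticate, would keep a failed login free of side effects. The trace line `"Resetting all principals and credentials of " + subject` relies on `Subject.toString()`, which can render the credential objects, so log a principal name or count instead. The `!= null` guards are redundant because the `Subject` getters do not return null, while `subject` itself is never checked. `login()` continues past the end of this hunk.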
@@ -57,6 +69,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                PasswordCallback passwordCallback = new PasswordCallback("Password",
                                false);
 
+               // NameCallback urlCallback = new NameCallback("Site URL");
+
                if (callbackHandler == null) {
                        throw new LoginException("No call back handler available");
                        // return false;
@@ -65,9 +79,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        callbackHandler.handle(new Callback[] { label, nameCallback,
                                        passwordCallback });
                } catch (Exception e) {
-                       LoginException le = new LoginException("Callback handling failed");
-                       le.initCause(e);
-                       throw le;
+                       throw new RuntimeException("Unexpected exception when handling", e);
                }
 
                // Set user name and password
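Review bot: Replacing the `LoginException` with `new RuntimeException("Unexpected exception when handling", e)` moves callback failures outside the exception type `login()` declares, so callers that catch `LoginException` to report a failed login will no longer see them. When the module is driven by the standard `javax.security.auth.login.LoginContext`, an unexpected runtime exception is, as far as I know, turned into a `LoginException` whose message is the printed stack trace, which tends to expose internals in login dialogs and logs. Keep the checked type, e.g. `LoginException le = new LoginException("Callback handling failed"); le.initCause(e); throw le;`, and narrow `catch (Exception e)` to the `IOException` and `UnsupportedCallbackException` that `handle` declares. The same concern applies to the hunk at `@@ -76,30 +88,33 @@`, where the try/catch around `authenticationManager.authenticate(credentials)` is commented out and every failure from the manager now propagates unmapped. The `try` opens above this hunk.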
@@ -76,30 +88,33 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                if (passwordCallback.getPassword() != null) {
                        password = String.valueOf(passwordCallback.getPassword());
                }
-               UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
-                               username, password);
 
-               try {
-                       Authentication authentication = authenticationManager
-                                       .authenticate(credentials);
-                       registerAuthentication(authentication);
-                       boolean res = super.login();
-                       // if (log.isDebugEnabled())
-                       // log.debug("User " + username + " logged in");
-                       return res;
-               } catch (BadCredentialsException bce) {
-                       throw bce;
-               } catch (Exception e) {
-                       LoginException loginException = new LoginException(
-                                       "Bad credentials");
-                       loginException.initCause(e);
-                       throw loginException;
-               }
+               // String url = urlCallback.getName();
+               // TODO: set it via system properties
+               String workspace = null;
+
+               SiteAuthenticationToken credentials = new SiteAuthenticationToken(
+                               username, password, null, workspace);
+
+               // try {
+               Authentication authentication = authenticationManager
+                               .authenticate(credentials);
+               registerAuthentication(authentication);
+               boolean res = super.login();
+               return res;
+               // } catch (BadCredentialsException bce) {
+               // throw bce;
+               // } catch (LoginException e) {
+               // // LoginException loginException = new LoginException(
+               // // "Bad credentials");
+               // // loginException.initCause(e);
+               // throw e;
                // }
        }
 
        @Override
        public boolean logout() throws LoginException {
+               subject.getPrincipals().clear();
                return super.logout();
        }
 
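Review bot: `logout()` clears only `subject.getPrincipals()`, while `login()` in this same commit clears principals, private credentials and public credentials, so unless `super.logout()` removes them, anything stored as a credential stays on the Subject after logout. Add `subject.getPrivateCredentials().clear();` and `subject.getPublicCredentials().clear();` next to the existing call, or add a comment saying why credentials are meant to survive. `subject` is only assigned in `initialize(...)`, so a null guard is worth having here as well. In the login part of the hunk the password is held as a `String` from `String.valueOf(passwordCallback.getPassword())` and no `passwordCallback.clearPassword()` call is visible; if it is not cleared outside the hunk, clear it once the token has been built.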
@@ -118,9 +133,4 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        AuthenticationManager authenticationManager) {
                this.authenticationManager = authenticationManager;
        }
-
-       // protected Subject getSubject() {
-       // return subject.get();
-       // }
-
 }