package org.argeo.security.equinox;
import java.util.Map;
-import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import org.argeo.security.SiteAuthenticationToken;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
-import org.springframework.security.BadCredentialsException;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.jaas.SecurityContextLoginModule;
public boolean login() throws LoginException {
// try to retrieve Authentication from Subject
- Set<Authentication> auths = subject.getPrincipals(Authentication.class);
- if (auths.size() > 0)
- SecurityContextHolder.getContext().setAuthentication(
- auths.iterator().next());
+ // Set<Authentication> auths =
+ // subject.getPrincipals(Authentication.class);
+ // if (auths.size() > 0)
+ // SecurityContextHolder.getContext().setAuthentication(
+ // auths.iterator().next());
// thread already logged in
if (SecurityContextHolder.getContext().getAuthentication() != null)
return super.login();
+ // reset all principals and credentials
+ if (log.isTraceEnabled())
+ log.trace("Resetting all principals and credentials of " + subject);
+ if (subject.getPrincipals() != null)
+ subject.getPrincipals().clear();
+ if (subject.getPrivateCredentials() != null)
+ subject.getPrivateCredentials().clear();
+ if (subject.getPublicCredentials() != null)
+ subject.getPublicCredentials().clear();
+
// ask for username and password
Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
"Required login");
NameCallback nameCallback = new NameCallback("User");
PasswordCallback passwordCallback = new PasswordCallback("Password",
false);
- NameCallback urlCallback = new NameCallback("Site URL");
+
+ // NameCallback urlCallback = new NameCallback("Site URL");
if (callbackHandler == null) {
throw new LoginException("No call back handler available");
}
try {
callbackHandler.handle(new Callback[] { label, nameCallback,
- passwordCallback, urlCallback });
+ passwordCallback });
} catch (Exception e) {
- LoginException le = new LoginException("Callback handling failed");
- le.initCause(e);
- throw le;
+ throw new RuntimeException("Unexpected exception when handling", e);
}
// Set user name and password
if (passwordCallback.getPassword() != null) {
password = String.valueOf(passwordCallback.getPassword());
}
- String url = urlCallback.getName();
+
+ // String url = urlCallback.getName();
// TODO: set it via system properties
String workspace = null;
- // UsernamePasswordAuthenticationToken credentials = new
- // UsernamePasswordAuthenticationToken(
- // username, password);
SiteAuthenticationToken credentials = new SiteAuthenticationToken(
- username, password, url, workspace);
-
- try {
- Authentication authentication = authenticationManager
- .authenticate(credentials);
- registerAuthentication(authentication);
- boolean res = super.login();
- return res;
- } catch (BadCredentialsException bce) {
- throw bce;
- } catch (Exception e) {
- LoginException loginException = new LoginException(
- "Bad credentials");
- loginException.initCause(e);
- throw loginException;
- }
+ username, password, null, workspace);
+
+ // try {
+ Authentication authentication = authenticationManager
+ .authenticate(credentials);
+ registerAuthentication(authentication);
+ boolean res = super.login();
+ return res;
+ // } catch (BadCredentialsException bce) {
+ // throw bce;
+ // } catch (LoginException e) {
+ // // LoginException loginException = new LoginException(
+ // // "Bad credentials");
+ // // loginException.initCause(e);
+ // throw e;
// }
}
@Override
public boolean logout() throws LoginException {
-// if (log.isDebugEnabled())
-// log.debug("logout subject=" + subject);
+ subject.getPrincipals().clear();
return super.logout();
}