Introduce OSAuthentication

[lgpl/argeo-commons.git] / security / plugins / org.argeo.security.equinox / src / main / java / org / argeo / security / equinox / SpringLoginModule.java
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java

index c25be6afbdf46b845adc37c083065a3c2d095be5..c35416d9979c9fe246b9be4621a6bc233d714cff 100644 (file)
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -1,7 +1,6 @@
  package org.argeo.security.equinox;
  
  import java.util.Map;
-import java.util.Set;
  
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
@@ -16,7 +15,6 @@ import org.apache.commons.logging.LogFactory;
  import org.argeo.security.SiteAuthenticationToken;
  import org.springframework.security.Authentication;
  import org.springframework.security.AuthenticationManager;
-import org.springframework.security.BadCredentialsException;
  import org.springframework.security.context.SecurityContextHolder;
  import org.springframework.security.providers.jaas.SecurityContextLoginModule;
  
@@ -44,22 +42,34 @@ public class SpringLoginModule extends SecurityContextLoginModule {
  
         public boolean login() throws LoginException {
                 // try to retrieve Authentication from Subject
-               Set<Authentication> auths = subject.getPrincipals(Authentication.class);
-               if (auths.size() > 0)
-                       SecurityContextHolder.getContext().setAuthentication(
-                                       auths.iterator().next());
+               // Set<Authentication> auths =
+               // subject.getPrincipals(Authentication.class);
+               // if (auths.size() > 0)
+               // SecurityContextHolder.getContext().setAuthentication(
+               // auths.iterator().next());
  
                 // thread already logged in
                 if (SecurityContextHolder.getContext().getAuthentication() != null)
                         return super.login();
  
+               // reset all principals and credentials
+               if (log.isTraceEnabled())
+                       log.trace("Resetting all principals and credentials of " + subject);
+               if (subject.getPrincipals() != null)
+                       subject.getPrincipals().clear();
+               if (subject.getPrivateCredentials() != null)
+                       subject.getPrivateCredentials().clear();
+               if (subject.getPublicCredentials() != null)
+                       subject.getPublicCredentials().clear();
+
                 // ask for username and password
                 Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
                                 "Required login");
                 NameCallback nameCallback = new NameCallback("User");
                 PasswordCallback passwordCallback = new PasswordCallback("Password",
                                 false);
-               NameCallback urlCallback = new NameCallback("Site URL");
+
+               // NameCallback urlCallback = new NameCallback("Site URL");
  
                 if (callbackHandler == null) {
                         throw new LoginException("No call back handler available");
@@ -67,11 +77,9 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                 }
                 try {
                         callbackHandler.handle(new Callback[] { label, nameCallback,
-                                       passwordCallback, urlCallback });
+                                       passwordCallback });
                 } catch (Exception e) {
-                       LoginException le = new LoginException("Callback handling failed");
-                       le.initCause(e);
-                       throw le;
+                       throw new RuntimeException("Unexpected exception when handling", e);
                 }
  
                 // Set user name and password
@@ -80,37 +88,33 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                 if (passwordCallback.getPassword() != null) {
                         password = String.valueOf(passwordCallback.getPassword());
                 }
-               String url = urlCallback.getName();
+
+               // String url = urlCallback.getName();
                 // TODO: set it via system properties
                 String workspace = null;
  
-               // UsernamePasswordAuthenticationToken credentials = new
-               // UsernamePasswordAuthenticationToken(
-               // username, password);
                 SiteAuthenticationToken credentials = new SiteAuthenticationToken(
-                               username, password, url, workspace);
-
-               try {
-                       Authentication authentication = authenticationManager
-                                       .authenticate(credentials);
-                       registerAuthentication(authentication);
-                       boolean res = super.login();
-                       return res;
-               } catch (BadCredentialsException bce) {
-                       throw bce;
-               } catch (Exception e) {
-                       LoginException loginException = new LoginException(
-                                       "Bad credentials");
-                       loginException.initCause(e);
-                       throw loginException;
-               }
+                               username, password, null, workspace);
+
+               // try {
+               Authentication authentication = authenticationManager
+                               .authenticate(credentials);
+               registerAuthentication(authentication);
+               boolean res = super.login();
+               return res;
+               // } catch (BadCredentialsException bce) {
+               // throw bce;
+               // } catch (LoginException e) {
+               // // LoginException loginException = new LoginException(
+               // // "Bad credentials");
+               // // loginException.initCause(e);
+               // throw e;
                 // }
         }
  
         @Override
         public boolean logout() throws LoginException {
-//             if (log.isDebugEnabled())
-//                     log.debug("logout subject=" + subject);
+               subject.getPrincipals().clear();
                 return super.logout();
         }