X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;fp=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=2222faeccf35620734bfebf9d1a4cd6a15fcc020;hb=a7a5f4db586128a9bb2c171ee819eb3eb19f80aa;hp=0000000000000000000000000000000000000000;hpb=77eaf70d8b929dab68211d6a01f68eeb71a1dceb;p=lgpl%2Fargeo-commons.git

diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
new file mode 100644
index 000000000..2222faecc
--- /dev/null
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -0,0 +1,126 @@
+package org.argeo.security.equinox;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextOutputCallback;
+import javax.security.auth.login.LoginException;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.BadCredentialsException;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.jaas.SecurityContextLoginModule;
+
+/** Login module which caches one subject per thread. */
+public class SpringLoginModule extends SecurityContextLoginModule {
+	private AuthenticationManager authenticationManager;
+
+	private CallbackHandler callbackHandler;
+
+	public SpringLoginModule() {
+
+	}
+
+	@SuppressWarnings("rawtypes")
+	public void initialize(Subject subject, CallbackHandler callbackHandler,
+			Map sharedState, Map options) {
+		super.initialize(subject, callbackHandler, sharedState, options);
+		// this.subject.set(subject);
+		this.callbackHandler = callbackHandler;
+	}
+
+	public boolean login() throws LoginException {
+		// thread already logged in
+		if (SecurityContextHolder.getContext().getAuthentication() != null)
+			return super.login();
+
+		// if (getSubject().getPrincipals(Authentication.class).size() == 1) {
+		// registerAuthentication(getSubject()
+		// .getPrincipals(Authentication.class).iterator().next());
+		// return super.login();
+		// } else if (getSubject().getPrincipals(Authentication.class).size() >
+		// 1) {
+		// throw new LoginException(
+		// "Multiple Authentication principals not supported: "
+		// + getSubject().getPrincipals(Authentication.class));
+		// } else {
+		// ask for username and password
+		Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
+				"Required login");
+		NameCallback nameCallback = new NameCallback("User");
+		PasswordCallback passwordCallback = new PasswordCallback("Password",
+				false);
+
+		if (callbackHandler == null) {
+			throw new LoginException("No call back handler available");
+			// return false;
+		}
+		try {
+			callbackHandler.handle(new Callback[] { label, nameCallback,
+					passwordCallback });
+		} catch (Exception e) {
+			LoginException le = new LoginException("Callback handling failed");
+			le.initCause(e);
+			throw le;
+		}
+
+		// Set user name and password
+		String username = nameCallback.getName();
+		String password = "";
+		if (passwordCallback.getPassword() != null) {
+			password = String.valueOf(passwordCallback.getPassword());
+		}
+		UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
+				username, password);
+
+		try {
+			Authentication authentication = authenticationManager
+					.authenticate(credentials);
+			registerAuthentication(authentication);
+			boolean res = super.login();
+			// if (log.isDebugEnabled())
+			// log.debug("User " + username + " logged in");
+			return res;
+		} catch (BadCredentialsException bce) {
+			throw bce;
+		} catch (Exception e) {
+			LoginException loginException = new LoginException(
+					"Bad credentials");
+			loginException.initCause(e);
+			throw loginException;
+		}
+		// }
+	}
+
+	@Override
+	public boolean logout() throws LoginException {
+		return super.logout();
+	}
+
+	/**
+	 * Register an {@link Authentication} in the security context.
+	 * 
+	 * @param authentication
+	 *            has to implement {@link Authentication}.
+	 */
+	protected void registerAuthentication(Object authentication) {
+		SecurityContextHolder.getContext().setAuthentication(
+				(Authentication) authentication);
+	}
+
+	public void setAuthenticationManager(
+			AuthenticationManager authenticationManager) {
+		this.authenticationManager = authenticationManager;
+	}
+
+	// protected Subject getSubject() {
+	// return subject.get();
+	// }
+
+}