X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=03f5f35ed960d2c8d529337f4c0f8cef7838cb2c;hb=30fe2e93369b30c5ebb644413fe181e2940192cc;hp=7631dade1831978fb569e6a13a62edd2dd570ef5;hpb=5266ec50ddbf3247a5033d98a1dbceec6673a5b8;p=lgpl%2Fargeo-commons.git diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java index 7631dade1..03f5f35ed 100644 --- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java +++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java @@ -1,14 +1,12 @@ package org.argeo.security.equinox; import java.util.Map; -import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.TextOutputCallback; import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; @@ -30,6 +28,8 @@ public class SpringLoginModule extends SecurityContextLoginModule { private Subject subject; + private Long waitBetweenFailedLoginAttempts = 5 * 1000l; + public SpringLoginModule() { } @@ -43,83 +43,80 @@ public class SpringLoginModule extends SecurityContextLoginModule { } public boolean login() throws LoginException { - // try to retrieve Authentication from Subject - Set auths = subject.getPrincipals(Authentication.class); - if (auths.size() > 0) - SecurityContextHolder.getContext().setAuthentication( - auths.iterator().next()); - - // thread already logged in - if (SecurityContextHolder.getContext().getAuthentication() != null) - return super.login(); - - // reset all principals and credentials - if (log.isTraceEnabled()) - log.trace("Resetting all principals and credentials of " + subject); - if (subject.getPrincipals() != null) - subject.getPrincipals().clear(); - if (subject.getPrivateCredentials() != null) - subject.getPrivateCredentials().clear(); - if (subject.getPublicCredentials() != null) - subject.getPublicCredentials().clear(); - - // ask for username and password - Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION, - "Required login"); - NameCallback nameCallback = new NameCallback("User"); - PasswordCallback passwordCallback = new PasswordCallback("Password", - false); - - // NameCallback urlCallback = new NameCallback("Site URL"); - - if (callbackHandler == null) { - throw new LoginException("No call back handler available"); - // return false; - } try { - callbackHandler.handle(new Callback[] { label, nameCallback, + // thread already logged in + if (SecurityContextHolder.getContext().getAuthentication() != null) + return super.login(); + + // reset all principals and credentials + if (log.isTraceEnabled()) + log.trace("Resetting all principals and credentials of " + + subject); + if (subject.getPrincipals() != null) + subject.getPrincipals().clear(); + if (subject.getPrivateCredentials() != null) + subject.getPrivateCredentials().clear(); + if (subject.getPublicCredentials() != null) + subject.getPublicCredentials().clear(); + + // ask for username and password + NameCallback nameCallback = new NameCallback("User"); + PasswordCallback passwordCallback = new PasswordCallback( + "Password", false); + + // NameCallback urlCallback = new NameCallback("Site URL"); + + if (callbackHandler == null) + throw new LoginException("No call back handler available"); + callbackHandler.handle(new Callback[] { nameCallback, passwordCallback }); - } catch (Exception e) { - LoginException le = new LoginException("Callback handling failed"); - le.initCause(e); - throw le; - } - - // Set user name and password - String username = nameCallback.getName(); - String password = ""; - if (passwordCallback.getPassword() != null) { - password = String.valueOf(passwordCallback.getPassword()); - } - // String url = urlCallback.getName(); - // TODO: set it via system properties - String workspace = null; - - SiteAuthenticationToken credentials = new SiteAuthenticationToken( - username, password, null, workspace); - - try { - Authentication authentication = authenticationManager - .authenticate(credentials); + // Set user name and password + String username = nameCallback.getName(); + if (username == null || username.trim().equals("")) + return false; + + String password = ""; + if (passwordCallback.getPassword() != null) + password = String.valueOf(passwordCallback.getPassword()); + + // String url = urlCallback.getName(); + // TODO: set it via system properties + String workspace = null; + + SiteAuthenticationToken credentials = new SiteAuthenticationToken( + username, password, null, workspace); + + Authentication authentication; + try { + authentication = authenticationManager + .authenticate(credentials); + } catch (BadCredentialsException e) { + // wait between failed login attempts + Thread.sleep(waitBetweenFailedLoginAttempts); + throw e; + } registerAuthentication(authentication); boolean res = super.login(); return res; - } catch (BadCredentialsException bce) { - throw bce; + } catch (LoginException e) { + throw e; + } catch (ThreadDeath e) { + LoginException le = new LoginException( + "Spring Security login thread died"); + le.initCause(e); + throw le; } catch (Exception e) { - LoginException loginException = new LoginException( - "Bad credentials"); - loginException.initCause(e); - throw loginException; + LoginException le = new LoginException( + "Spring Security login failed"); + le.initCause(e); + throw le; } - // } } @Override public boolean logout() throws LoginException { - // if (log.isDebugEnabled()) - // log.debug("logout subject=" + subject); + subject.getPrincipals().clear(); return super.logout(); }