X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=03f5f35ed960d2c8d529337f4c0f8cef7838cb2c;hb=30fe2e93369b30c5ebb644413fe181e2940192cc;hp=90e8b3decedae4932ed7b6d0ba9d20d05c3c313c;hpb=2f510fb09e18bc3d3e902c8131d0037763c5f279;p=lgpl%2Fargeo-commons.git

diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index 90e8b3dec..03f5f35ed 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -1,16 +1,16 @@
 package org.argeo.security.equinox;
 
 import java.util.Map;
-import java.util.concurrent.Executor;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
@@ -20,11 +20,16 @@ import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
+	private final static Log log = LogFactory.getLog(SpringLoginModule.class);
+
 	private AuthenticationManager authenticationManager;
-	private Executor systemExecutor;
 
 	private CallbackHandler callbackHandler;
 
+	private Subject subject;
+
+	private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
+
 	public SpringLoginModule() {
 
 	}
@@ -33,84 +38,85 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 	public void initialize(Subject subject, CallbackHandler callbackHandler,
 			Map sharedState, Map options) {
 		super.initialize(subject, callbackHandler, sharedState, options);
-		// this.subject.set(subject);
 		this.callbackHandler = callbackHandler;
+		this.subject = subject;
 	}
 
 	public boolean login() throws LoginException {
-		// thread already logged in
-		if (SecurityContextHolder.getContext().getAuthentication() != null)
-			return super.login();
-
-		// if (getSubject().getPrincipals(Authentication.class).size() == 1) {
-		// registerAuthentication(getSubject()
-		// .getPrincipals(Authentication.class).iterator().next());
-		// return super.login();
-		// } else if (getSubject().getPrincipals(Authentication.class).size() >
-		// 1) {
-		// throw new LoginException(
-		// "Multiple Authentication principals not supported: "
-		// + getSubject().getPrincipals(Authentication.class));
-		// } else {
-		// ask for username and password
-		Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
-				"Required login");
-		NameCallback nameCallback = new NameCallback("User");
-		PasswordCallback passwordCallback = new PasswordCallback("Password",
-				false);
-		NameCallback urlCallback = new NameCallback("Site URL");
-
-		if (callbackHandler == null) {
-			throw new LoginException("No call back handler available");
-			// return false;
-		}
 		try {
-			callbackHandler.handle(new Callback[] { label, nameCallback,
-					passwordCallback, urlCallback });
-		} catch (Exception e) {
-			LoginException le = new LoginException("Callback handling failed");
-			le.initCause(e);
-			throw le;
-		}
-
-		// Set user name and password
-		String username = nameCallback.getName();
-		String password = "";
-		if (passwordCallback.getPassword() != null) {
-			password = String.valueOf(passwordCallback.getPassword());
-		}
-		String url = urlCallback.getName();
-		// TODO: set it via system properties
-		String workspace = null;
-
-		// UsernamePasswordAuthenticationToken credentials = new
-		// UsernamePasswordAuthenticationToken(
-		// username, password);
-		SiteAuthenticationToken credentials = new SiteAuthenticationToken(
-				username, password, url, workspace);
-
-		try {
-			
-			Authentication authentication = authenticationManager
-					.authenticate(credentials);
+			// thread already logged in
+			if (SecurityContextHolder.getContext().getAuthentication() != null)
+				return super.login();
+
+			// reset all principals and credentials
+			if (log.isTraceEnabled())
+				log.trace("Resetting all principals and credentials of "
+						+ subject);
+			if (subject.getPrincipals() != null)
+				subject.getPrincipals().clear();
+			if (subject.getPrivateCredentials() != null)
+				subject.getPrivateCredentials().clear();
+			if (subject.getPublicCredentials() != null)
+				subject.getPublicCredentials().clear();
+
+			// ask for username and password
+			NameCallback nameCallback = new NameCallback("User");
+			PasswordCallback passwordCallback = new PasswordCallback(
+					"Password", false);
+
+			// NameCallback urlCallback = new NameCallback("Site URL");
+
+			if (callbackHandler == null)
+				throw new LoginException("No call back handler available");
+			callbackHandler.handle(new Callback[] { nameCallback,
+					passwordCallback });
+
+			// Set user name and password
+			String username = nameCallback.getName();
+			if (username == null || username.trim().equals(""))
+				return false;
+
+			String password = "";
+			if (passwordCallback.getPassword() != null)
+				password = String.valueOf(passwordCallback.getPassword());
+
+			// String url = urlCallback.getName();
+			// TODO: set it via system properties
+			String workspace = null;
+
+			SiteAuthenticationToken credentials = new SiteAuthenticationToken(
+					username, password, null, workspace);
+
+			Authentication authentication;
+			try {
+				authentication = authenticationManager
+						.authenticate(credentials);
+			} catch (BadCredentialsException e) {
+				// wait between failed login attempts
+				Thread.sleep(waitBetweenFailedLoginAttempts);
+				throw e;
+			}
 			registerAuthentication(authentication);
 			boolean res = super.login();
-			// if (log.isDebugEnabled())
-			// log.debug("User " + username + " logged in");
 			return res;
-		} catch (BadCredentialsException bce) {
-			throw bce;
+		} catch (LoginException e) {
+			throw e;
+		} catch (ThreadDeath e) {
+			LoginException le = new LoginException(
+					"Spring Security login thread died");
+			le.initCause(e);
+			throw le;
 		} catch (Exception e) {
-			LoginException loginException = new LoginException(
-					"Bad credentials");
-			loginException.initCause(e);
-			throw loginException;
+			LoginException le = new LoginException(
+					"Spring Security login failed");
+			le.initCause(e);
+			throw le;
 		}
-		// }
 	}
 
 	@Override
 	public boolean logout() throws LoginException {
+		subject.getPrincipals().clear();
 		return super.logout();
 	}
 
@@ -129,13 +135,4 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
-
-	public void setSystemExecutor(Executor systemExecutor) {
-		this.systemExecutor = systemExecutor;
-	}
-
-	// protected Subject getSubject() {
-	// return subject.get();
-	// }
-
 }