X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=553b0994da0ff39c763ceaa5fb29858d7a3e81d3;hb=1d5afdce3e91054f07ddd3c98309c363b4cf1d46;hp=03f5f35ed960d2c8d529337f4c0f8cef7838cb2c;hpb=30fe2e93369b30c5ebb644413fe181e2940192cc;p=lgpl%2Fargeo-commons.git

diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index 03f5f35ed..553b0994d 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -1,6 +1,22 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.equinox;
 
 import java.util.Map;
+import java.util.UUID;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -11,15 +27,20 @@ import javax.security.auth.login.LoginException;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.security.SiteAuthenticationToken;
+import org.argeo.security.NodeAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
+	final static String NODE_REPO_URI = "argeo.node.repo.uri";
+
 	private final static Log log = LogFactory.getLog(SpringLoginModule.class);
 
 	private AuthenticationManager authenticationManager;
@@ -30,6 +51,12 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 
 	private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
 
+	private Boolean remote = false;
+	private Boolean anonymous = false;
+
+	private String key = null;
+	private String anonymousRole = "ROLE_ANONYMOUS";
+
 	public SpringLoginModule() {
 
 	}
@@ -48,6 +75,10 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			if (SecurityContextHolder.getContext().getAuthentication() != null)
 				return super.login();
 
+			if (remote && anonymous)
+				throw new LoginException(
+						"Cannot have a Spring login module which is remote and anonymous");
+
 			// reset all principals and credentials
 			if (log.isTraceEnabled())
 				log.trace("Resetting all principals and credentials of "
@@ -59,19 +90,44 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			if (subject.getPublicCredentials() != null)
 				subject.getPublicCredentials().clear();
 
-			// ask for username and password
-			NameCallback nameCallback = new NameCallback("User");
-			PasswordCallback passwordCallback = new PasswordCallback(
-					"Password", false);
-
-			// NameCallback urlCallback = new NameCallback("Site URL");
+			// deals first with public access since it's simple
+			if (anonymous) {
+				// TODO integrate with JCR?
+				Object principal = UUID.randomUUID().toString();
+				GrantedAuthority[] authorities = { new GrantedAuthorityImpl(
+						anonymousRole) };
+				AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken(
+						key, principal, authorities);
+				Authentication auth = authenticationManager
+						.authenticate(anonymousToken);
+				registerAuthentication(auth);
+				return super.login();
+			}
 
 			if (callbackHandler == null)
 				throw new LoginException("No call back handler available");
-			callbackHandler.handle(new Callback[] { nameCallback,
-					passwordCallback });
 
-			// Set user name and password
+			// ask for username and password
+			NameCallback nameCallback = new NameCallback("User");
+			PasswordCallback passwordCallback = new PasswordCallback(
+					"Password", false);
+			final String defaultNodeUrl = "http://localhost:7070/org.argeo.jcr.webapp/remoting/node";
+			final String defaultSecurityWorkspace = "security";
+			NameCallback urlCallback = new NameCallback("Site URL",
+					defaultNodeUrl);
+			NameCallback securityWorkspaceCallback = new NameCallback(
+					"Security Workspace", defaultSecurityWorkspace);
+
+			// handle callbacks
+			if (remote)
+				callbackHandler.handle(new Callback[] { nameCallback,
+						passwordCallback, urlCallback,
+						securityWorkspaceCallback });
+			else
+				callbackHandler.handle(new Callback[] { nameCallback,
+						passwordCallback });
+
+			// create credentials
 			String username = nameCallback.getName();
 			if (username == null || username.trim().equals(""))
 				return false;
@@ -80,12 +136,15 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			if (passwordCallback.getPassword() != null)
 				password = String.valueOf(passwordCallback.getPassword());
 
-			// String url = urlCallback.getName();
-			// TODO: set it via system properties
-			String workspace = null;
-
-			SiteAuthenticationToken credentials = new SiteAuthenticationToken(
-					username, password, null, workspace);
+			NodeAuthenticationToken credentials;
+			if (remote) {
+				String url = urlCallback.getName();
+				String workspace = securityWorkspaceCallback.getName();
+				credentials = new NodeAuthenticationToken(username, password,
+						url, workspace);
+			} else {
+				credentials = new NodeAuthenticationToken(username, password);
+			}
 
 			Authentication authentication;
 			try {
@@ -135,4 +194,27 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 			AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
+
+	/** Authenticates on a remote node */
+	public void setRemote(Boolean remote) {
+		this.remote = remote;
+	}
+
+	/**
+	 * Request anonymous authentication (incompatible with remote)
+	 */
+	public void setAnonymous(Boolean anonymous) {
+		this.anonymous = anonymous;
+	}
+
+	/** Role identifying an anonymous user */
+	public void setAnonymousRole(String anonymousRole) {
+		this.anonymousRole = anonymousRole;
+	}
+
+	/** System key */
+	public void setKey(String key) {
+		this.key = key;
+	}
+
 }