X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=c35416d9979c9fe246b9be4621a6bc233d714cff;hb=149023e5969377045847bbecf24b0898b18a67a9;hp=c25be6afbdf46b845adc37c083065a3c2d095be5;hpb=2745f0c8c57d9468855179d56f858fb2448f779c;p=lgpl%2Fargeo-commons.git
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index c25be6afb..c35416d99 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -1,7 +1,6 @@
 package org.argeo.security.equinox;
 import java.util.Map;
-import java.util.Set;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -16,7 +15,6 @@ import org.apache.commons.logging.LogFactory;
 import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
-import org.springframework.security.BadCredentialsException;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
@@ -44,22 +42,34 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 public boolean login() throws LoginException {
 // try to retrieve Authentication from Subject
- Set auths = subject.getPrincipals(Authentication.class);
- if (auths.size() > 0)
- SecurityContextHolder.getContext().setAuthentication(
- auths.iterator().next());
+ // Set auths =
+ // subject.getPrincipals(Authentication.class);
+ // if (auths.size() > 0)
+ // SecurityContextHolder.getContext().setAuthentication(
+ // auths.iterator().next());
 // thread already logged in
 if (SecurityContextHolder.getContext().getAuthentication() != null)
 return super.login();
+ // reset all principals and credentials
+ if (log.isTraceEnabled())
+ log.trace("Resetting all principals and credentials of " + subject);
+ if (subject.getPrincipals() != null)
+ subject.getPrincipals().clear();
+ if (subject.getPrivateCredentials() != null)
+ subject.getPrivateCredentials().clear();
+ if (subject.getPublicCredentials() != null)
+ subject.getPublicCredentials().clear();
+
 // ask for username and password
 Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION, "Required login");
 NameCallback nameCallback = new NameCallback("User");
 PasswordCallback passwordCallback = new PasswordCallback("Password", false);
- NameCallback urlCallback = new NameCallback("Site URL");
+
+ // NameCallback urlCallback = new NameCallback("Site URL");
 if (callbackHandler == null) {
 throw new LoginException("No call back handler available");
@@ -67,11 +77,9 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 }
 try {
 callbackHandler.handle(new Callback[] { label, nameCallback,
- passwordCallback, urlCallback });
+ passwordCallback });
 } catch (Exception e) {
- LoginException le = new LoginException("Callback handling failed");
- le.initCause(e);
- throw le;
+ throw new RuntimeException("Unexpected exception when handling", e);
 }
 // Set user name and password
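Review bot: The new trace line `log.trace("Resetting all principals and credentials of " + subject)` stringifies the whole Subject, and as far as I recall Subject.toString() renders its principals, its public credentials and, unless a SecurityManager denies access, its private credentials as well, so the reset that follows first copies whatever secrets the Subject holds into the log. Logging only the principal set keeps the diagnostic without that exposure: `log.trace("Resetting principals " + subject.getPrincipals() + " and all credentials of subject");`. The unconditional clear of all three sets also discards principals and credentials that other login modules in the same JAAS stack may have placed in the shared Subject; if owning the whole Subject is intended, a comment saying so would help the next reader, since the usual convention is for a module to remove only what it added, in logout(). login() begins before this hunk and ends after it.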
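Review bot: `throw new RuntimeException("Unexpected exception when handling", e)` in the new catch block turns a callback-handling failure into an unchecked exception leaving a method declared `throws LoginException`, although a CallbackHandler reports an unavailable or cancelled prompt with IOException or UnsupportedCallbackException, which is an ordinary login failure rather than a programming error. If this module runs under a standard LoginContext, an unexpected exception from login() is, as far as I recall, re-wrapped there with the printed stack trace as the message, so the caller loses the cause chain the previous code preserved. The earlier wrapping is the safer contract: `LoginException le = new LoginException("Callback handling failed"); le.initCause(e); throw le;`. If the RuntimeException is deliberate because some caller needs the raw cause, a one-line comment stating that would help. The enclosing login() begins before this hunk and continues after it.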
@@ -80,37 +88,33 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 if (passwordCallback.getPassword() != null) {
 password = String.valueOf(passwordCallback.getPassword());
 }
- String url = urlCallback.getName();
+
+ // String url = urlCallback.getName();
 // TODO: set it via system properties
 String workspace = null;
- // UsernamePasswordAuthenticationToken credentials = new
- // UsernamePasswordAuthenticationToken(
- // username, password);
 SiteAuthenticationToken credentials = new SiteAuthenticationToken(
- username, password, url, workspace);
-
- try {
- Authentication authentication = authenticationManager
- .authenticate(credentials);
- registerAuthentication(authentication);
- boolean res = super.login();
- return res;
- } catch (BadCredentialsException bce) {
- throw bce;
- } catch (Exception e) {
- LoginException loginException = new LoginException(
- "Bad credentials");
- loginException.initCause(e);
- throw loginException;
- }
+ username, password, null, workspace);
+
+ // try {
+ Authentication authentication = authenticationManager
+ .authenticate(credentials);
+ registerAuthentication(authentication);
+ boolean res = super.login();
+ return res;
+ // } catch (BadCredentialsException bce) {
+ // throw bce;
+ // } catch (LoginException e) {
+ // // LoginException loginException = new LoginException(
+ // // "Bad credentials");
+ // // loginException.initCause(e);
+ // throw e;
 // }
 }
 @Override
 public boolean logout() throws LoginException {
-// if (log.isDebugEnabled())
-// log.debug("logout subject=" + subject);
+ subject.getPrincipals().clear();
 return super.logout();
 }
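Review bot: With the try/catch removed, `authenticationManager.authenticate(credentials)` now lets Spring's unchecked AuthenticationException subclasses (BadCredentialsException among them) escape login() instead of the LoginException the method declares, and the previous generic wrapper for other failures is gone as well, so callers of this JAAS entry point no longer get a stable exception type. I would restore a catch that converts authentication failures into a LoginException with the cause preserved, as in the rewritten lines below (this needs an import of org.springframework.security.AuthenticationException, the supertype of the BadCredentialsException import the commit removed). The commented-out try/catch and `// String url = urlCallback.getName();` are dead code and should be deleted rather than kept, and the `null` now passed as the site URL deserves a short comment stating that SiteAuthenticationToken accepts it. login() begins before this hunk; logout() is complete here and now clears only the principals while login() clears both credential sets too, an asymmetry worth a comment.
```java
		// … unchanged: callback handling, username/password extraction, SiteAuthenticationToken …
		try {
			Authentication authentication = authenticationManager
					.authenticate(credentials);
			registerAuthentication(authentication);
			return super.login();
		} catch (AuthenticationException e) {
			// keep the JAAS contract: failures are reported as LoginException so the
			// LoginContext can run the stack's abort() path; the cause is kept for
			// diagnostics but not copied into the user-visible message
			LoginException le = new LoginException("Authentication failed");
			le.initCause(e);
			throw le;
		}
```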