From 759a7c0396796565b231738b855c8b0a8413be6b Mon Sep 17 00:00:00 2001 
From: Mathieu Baudier Date: Fri, 13 Feb 2015 19:30:03 +0000 Subject: [PATCH] Improve login mechanism, based on JAAS git-svn-id: https://svn.argeo.org/commons/trunk@7852 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- .../src/org/argeo/cms/KernelHeader.java | 8 + .../org/argeo/cms/internal/kernel/Kernel.java | 13 - .../org/argeo/cms/internal/kernel/jaas.cfg | 14 +- .../src/org/argeo/security/SecurityUtils.java | 12 +- .../core/AbstractSystemExecution.java | 43 ++- ...catedApplicationContextInitialization.java | 1 - .../core/AuthenticationProvidersRegister.java | 1 + .../security/core/SpringLoginModule.java | 268 ------------------ .../AbstractSpringSecurityLoginModule.java | 126 ++++++++ .../security/login/AnonymousLoginModule.java | 69 +++++ .../BundleContextCallback.java | 2 +- .../login/BundleContextCallbackHandler.java | 41 +++ .../security/login/EndUserLoginModule.java | 100 +++++++ .../login/LoginCanceledException.java | 8 + .../security/login/SystemLoginModule.java | 42 +++ .../{core => login}/UserAdminLoginModule.java | 4 +- .../META-INF/jaas_default.txt | 23 -- org.argeo.security.ui.rap/bnd.bnd | 1 + org.argeo.security.ui.rap/pom.xml | 5 + .../security/ui/rap/AnonymousEntryPoint.java | 130 ++++----- .../argeo/security/ui/rap/NullEntryPoint.java | 4 +- .../security/ui/rap/RapWindowAdvisor.java | 2 + .../security/ui/rap/SecureEntryPoint.java | 14 +- .../security/ui/rap/SecureRapActivator.java | 10 - 24 files changed, 539 insertions(+), 402 deletions(-) create mode 100644 org.argeo.cms/src/org/argeo/cms/KernelHeader.java delete mode 100644 org.argeo.security.core/src/org/argeo/security/core/SpringLoginModule.java create mode 100644 org.argeo.security.core/src/org/argeo/security/login/AbstractSpringSecurityLoginModule.java create mode 100644 org.argeo.security.core/src/org/argeo/security/login/AnonymousLoginModule.java rename org.argeo.security.core/src/org/argeo/security/{core => login}/BundleContextCallback.java (92%) create mode 100644 
org.argeo.security.core/src/org/argeo/security/login/BundleContextCallbackHandler.java create mode 100644 org.argeo.security.core/src/org/argeo/security/login/EndUserLoginModule.java create mode 100644 org.argeo.security.core/src/org/argeo/security/login/LoginCanceledException.java create mode 100644 org.argeo.security.core/src/org/argeo/security/login/SystemLoginModule.java rename org.argeo.security.core/src/org/argeo/security/{core => login}/UserAdminLoginModule.java (97%) delete mode 100644 org.argeo.security.ui.rap/META-INF/jaas_default.txt diff --git a/org.argeo.cms/src/org/argeo/cms/KernelHeader.java b/org.argeo.cms/src/org/argeo/cms/KernelHeader.java new file mode 100644 index 000000000..db1034a90 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/cms/KernelHeader.java @@ -0,0 +1,8 @@ +package org.argeo.cms; + +/** Public properties of the CMS Kernel */ +public interface KernelHeader { + final static String LOGIN_CONTEXT_USER = "USER"; + final static String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS"; + final static String LOGIN_CONTEXT_SYSTEM = "SYSTEM"; +} diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java index 848206f5c..e38704d5c 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java @@ -7,9 +7,7 @@ import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.argeo.jackrabbit.OsgiJackrabbitRepositoryFactory; import org.argeo.security.core.InternalAuthentication; -import org.eclipse.rap.rwt.application.ApplicationConfiguration; import org.osgi.framework.BundleContext; -import org.osgi.framework.ServiceRegistration; import org.springframework.security.core.context.SecurityContextHolder; /** 
@@ -34,8 +32,6 @@ final class Kernel { private NodeSecurity nodeSecurity; private NodeHttp nodeHttp; - private ServiceRegistration workbenchReg; - Kernel(BundleContext bundleContext) { this.bundleContext = bundleContext; } @@ -58,12 +54,6 @@ final class Kernel { bundleContext.registerService(RepositoryFactory.class, repositoryFactory, null); nodeHttp.publish(); - -// if ("false".equals(bundleContext -// .getProperty(PROP_WORKBENCH_AUTOSTART))) { -// WorkbenchApplicationConfiguration wac = new WorkbenchApplicationConfiguration(); -// registerWorkbench(wac); -// } } catch (Exception e) { log.error("Cannot initialize Argeo CMS", e); throw new ArgeoException("Cannot initialize", e); @@ -78,9 +68,6 @@ final class Kernel { void destroy() { long begin = System.currentTimeMillis(); - // OSGi - workbenchReg.unregister(); - nodeHttp = null; nodeSecurity.destroy(); node.destroy(); diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg index 110d0e143..0155fc5ee 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg @@ -1,5 +1,15 @@ -SPRING_SECURITY_CONTEXT { - org.argeo.security.core.SpringLoginModule required; +USER { + org.argeo.security.login.EndUserLoginModule requisite; + org.springframework.security.authentication.jaas.SecurityContextLoginModule required; +}; + +ANONYMOUS { + org.argeo.security.login.AnonymousLoginModule requisite; + org.springframework.security.authentication.jaas.SecurityContextLoginModule required; +}; + +SYSTEM { + org.argeo.security.login.SystemLoginModule requisite; org.springframework.security.authentication.jaas.SecurityContextLoginModule required; }; diff --git a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java index 44ddeac86..8c6715446 100644 
--- a/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java +++ b/org.argeo.security.core/src/org/argeo/security/SecurityUtils.java @@ -19,6 +19,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.UUID; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.Authentication; @@ -27,11 +28,20 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; /** Static utilities */ -public class SecurityUtils { +public final class SecurityUtils { + private final static String systemKey = UUID.randomUUID().toString(); private SecurityUtils() { } + /** + * @return a String which is guaranteed to be unique between and constant + * within a Java static context (typically a VM launch) + */ + public final static String getStaticKey() { + return systemKey; + } + /** Whether the current thread has the admin role */ public static boolean hasCurrentThreadAuthority(String authority) { SecurityContext securityContext = SecurityContextHolder.getContext(); diff --git a/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java b/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java index 3abc1b482..0d075c3a6 100644 --- a/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java +++ b/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java 
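Review bot: `getStaticKey()` gives the per-VM key to every caller, because it is a `public final static` method on a public class. This commit's `AnonymousLoginModule` passes that key to `AnonymousAuthenticationToken`, so any bundle that can load `SecurityUtils` can build a token carrying the same key. Whether anything else relies on the key is not visible in this hunk. If the key is meant to show that a token was minted by trusted code, the Javadoc should say so, for example `Callers must treat the returned value as a secret: never log it or pass it outside the VM.`, and the package should not be exported to bundles that are not trusted. The field is a constant and would read better as `STATIC_KEY` than `systemKey`, which suggests a link to the system login that the hunk does not show.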
@@ -15,11 +15,17 @@ */ package org.argeo.security.core; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.argeo.security.SystemAuthentication; +import org.argeo.security.login.BundleContextCallbackHandler; +import org.osgi.framework.BundleContext; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; @@ -30,15 +36,18 @@ public abstract class AbstractSystemExecution { // Forces Spring Security to use inheritable strategy // FIXME find a better place for forcing spring security mode // doesn't work for the time being -// if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == null) -// SecurityContextHolder -// .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); + // if (System.getProperty(SecurityContextHolder.SYSTEM_PROPERTY) == + // null) + // SecurityContextHolder + // .setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); } private final static Log log = LogFactory .getLog(AbstractSystemExecution.class); private AuthenticationManager authenticationManager; + private BundleContext bundleContext; private String systemAuthenticationKey; + private String loginContextName = "SYSTEM"; /** Whether the current thread was authenticated by this component. */ private ThreadLocal authenticatedBySelf = new ThreadLocal() { 
@@ -76,9 +85,24 @@ public abstract class AbstractSystemExecution { InternalAuthentication.SYSTEM_KEY_DEFAULT); if (key == null) throw new ArgeoException("No system key defined"); - Authentication auth = authenticationManager - .authenticate(new InternalAuthentication(key)); - securityContext.setAuthentication(auth); + if (authenticationManager != null) { + Authentication auth = authenticationManager + .authenticate(new InternalAuthentication(key)); + securityContext.setAuthentication(auth); + } else { + try { + // TODO test this + if (bundleContext == null) + throw new ArgeoException("bundleContext must be set"); + BundleContextCallbackHandler callbackHandler = new BundleContextCallbackHandler( + bundleContext); + LoginContext loginContext = new LoginContext(loginContextName, + callbackHandler); + loginContext.login(); + } catch (LoginException e) { + throw new BadCredentialsException("Cannot authenticate"); + } + } authenticatedBySelf.set(true); if (log.isTraceEnabled()) log.trace("System authenticated"); @@ -104,13 +128,20 @@ public abstract class AbstractSystemExecution { return authenticatedBySelf.get(); } + @Deprecated public void setAuthenticationManager( AuthenticationManager authenticationManager) { + // log.warn("This approach is deprecated, inject bundleContext instead"); this.authenticationManager = authenticationManager; } + @Deprecated public void setSystemAuthenticationKey(String systemAuthenticationKey) { this.systemAuthenticationKey = systemAuthenticationKey; } + public void setBundleContext(BundleContext bundleContext) { + this.bundleContext = bundleContext; + } + } diff --git a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java b/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java index 1c1059199..5faa2a751 100644 --- a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java 
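Review bot: The new JAAS branch throws `new BadCredentialsException("Cannot authenticate")` without the caught `LoginException`, so the reason a system login failed never reaches the caller or the log. Pass the cause: `throw new BadCredentialsException("Cannot authenticate", e);`. The branch is also marked `// TODO test this` although it is now the non-deprecated way for this class to obtain system privileges, so it should get a test before the `authenticationManager` path is removed. `loginContextName` repeats the literal `"SYSTEM"` that the commit defines as `KernelHeader.LOGIN_CONTEXT_SYSTEM`; if the bundle dependency allows it, reference the constant so the name cannot drift from `jaas.cfg`. The enclosing method starts and ends outside the hunk.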
+++ b/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java @@ -66,7 +66,6 @@ public class AuthenticatedApplicationContextInitialization extends public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { - // authenticateAsSystem(); return bean; } diff --git a/org.argeo.security.core/src/org/argeo/security/core/AuthenticationProvidersRegister.java b/org.argeo.security.core/src/org/argeo/security/core/AuthenticationProvidersRegister.java index 317815e8b..e001f4c2d 100644 --- a/org.argeo.security.core/src/org/argeo/security/core/AuthenticationProvidersRegister.java +++ b/org.argeo.security.core/src/org/argeo/security/core/AuthenticationProvidersRegister.java @@ -27,6 +27,7 @@ import org.springframework.beans.factory.InitializingBean; * Maintains a list of authentication providers injected in to a provider * manager, in order to avoid issues with OSGi services and use packages. */ +@Deprecated public class AuthenticationProvidersRegister implements InitializingBean { private Log log = LogFactory.getLog(AuthenticationProvidersRegister.class); diff --git a/org.argeo.security.core/src/org/argeo/security/core/SpringLoginModule.java b/org.argeo.security.core/src/org/argeo/security/core/SpringLoginModule.java deleted file mode 100644 index 6ec4fc68a..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/SpringLoginModule.java +++ /dev/null 
@@ -1,268 +0,0 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.argeo.security.core; - -import java.util.Collections; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.UUID; - -import javax.security.auth.Subject; -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.login.LoginException; -import javax.security.auth.spi.LoginModule; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.security.NodeAuthenticationToken; -import org.argeo.util.LocaleCallback; -import org.argeo.util.LocaleUtils; -import org.osgi.framework.BundleContext; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContextHolder; - -/** Login module which caches one subject per thread. 
*/ -public class SpringLoginModule implements LoginModule { - final static String NODE_REPO_URI = "argeo.node.repo.uri"; - - private final static Log log = LogFactory.getLog(SpringLoginModule.class); - - private CallbackHandler callbackHandler; - - private Subject subject; - - private Long waitBetweenFailedLoginAttempts = 5 * 1000l; - - private Boolean remote = false; - private Boolean anonymous = false; - /** Comma separated list of locales */ - private String availableLocales = ""; - - private String key = null; - private String anonymousRole = "ROLE_ANONYMOUS"; - - public SpringLoginModule() { - - } - - @SuppressWarnings("rawtypes") - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { - this.callbackHandler = callbackHandler; - this.subject = subject; - } - - public boolean login() throws LoginException { - try { - // thread already logged in - Authentication currentAuth = SecurityContextHolder.getContext() - .getAuthentication(); - if (currentAuth != null) { - if (subject.getPrincipals(Authentication.class).size() == 0) { - subject.getPrincipals().add(currentAuth); - } else { - Authentication principal = subject - .getPrincipals(Authentication.class).iterator() - .next(); - if (principal != currentAuth) - throw new LoginException( - "Already authenticated with a different auth"); - } - return true; - } - - if (remote && anonymous) - throw new LoginException( - "Cannot have a Spring login module which is remote and anonymous"); - - // reset all principals and credentials - if (log.isTraceEnabled()) - log.trace("Resetting all principals and credentials of " - + subject); - subject.getPrincipals().clear(); - subject.getPrivateCredentials().clear(); - subject.getPublicCredentials().clear(); - - Locale selectedLocale = null; - // deals first with public access since it's simple - if (anonymous) { - // FIXME Is this code still needed? 
- AuthenticationManager authenticationManager = null; - - // multi locale - if (callbackHandler != null && availableLocales != null - && !availableLocales.trim().equals("")) { - LocaleCallback localeCallback = new LocaleCallback( - availableLocales); - callbackHandler.handle(new Callback[] { localeCallback }); - selectedLocale = localeCallback.getSelectedLocale(); - } - - // TODO integrate with JCR? - Object principal = UUID.randomUUID().toString(); - List authorities = Collections - .singletonList(new SimpleGrantedAuthority(anonymousRole)); - AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken( - key, principal, authorities); - Authentication auth = authenticationManager - .authenticate(anonymousToken); - registerAuthentication(auth); - } else { - if (callbackHandler == null) - throw new LoginException("No call back handler available"); - - // ask for username and password - NameCallback nameCallback = new NameCallback("User"); - PasswordCallback passwordCallback = new PasswordCallback( - "Password", false); - final String defaultNodeUrl = System - .getProperty(NODE_REPO_URI, - "http://localhost:7070/org.argeo.jcr.webapp/remoting/node"); - NameCallback urlCallback = new NameCallback("Site URL", - defaultNodeUrl); - LocaleCallback localeCallback = new LocaleCallback( - availableLocales); - BundleContextCallback bundleContextCallback = new BundleContextCallback(); - - // handle callbacks - if (remote) - callbackHandler.handle(new Callback[] { nameCallback, - passwordCallback, urlCallback, localeCallback, - bundleContextCallback }); - else - callbackHandler.handle(new Callback[] { nameCallback, - passwordCallback, localeCallback, - bundleContextCallback }); - - selectedLocale = localeCallback.getSelectedLocale(); - - // create credentials - final String username = nameCallback.getName(); - if (username == null || username.trim().equals("")) - return false; - - char[] password = {}; - if (passwordCallback.getPassword() != null) - password = 
passwordCallback.getPassword(); - - NodeAuthenticationToken credentials; - if (remote) { - String url = urlCallback.getName(); - credentials = new NodeAuthenticationToken(username, - password, url); - } else { - credentials = new NodeAuthenticationToken(username, - password); - } - - BundleContext bc = bundleContextCallback.getBundleContext(); - AuthenticationManager authenticationManager = bc.getService(bc - .getServiceReference(AuthenticationManager.class)); - - Authentication authentication; - try { - authentication = authenticationManager - .authenticate(credentials); - } catch (BadCredentialsException e) { - // wait between failed login attempts - Thread.sleep(waitBetweenFailedLoginAttempts); - throw e; - } - registerAuthentication(authentication); - subject.getPrincipals().add(authentication); - } - - if (selectedLocale != null) - LocaleUtils.threadLocale.set(selectedLocale); - - return true; - } catch (LoginException e) { - throw e; - } catch (ThreadDeath e) { - LoginException le = new LoginException( - "Spring Security login thread died"); - le.initCause(e); - throw le; - } catch (Exception e) { - LoginException le = new LoginException( - "Spring Security login failed"); - le.initCause(e); - throw le; - } - } - - @Override - public boolean logout() throws LoginException { - subject.getPrincipals().clear(); - return true; - } - - @Override - public boolean commit() throws LoginException { - return true; - } - - @Override - public boolean abort() throws LoginException { - return true; - } - - /** - * Register an {@link Authentication} in the security context. - * - * @param authentication - * has to implement {@link Authentication}. 
- */ - protected void registerAuthentication(Object authentication) { - SecurityContextHolder.getContext().setAuthentication( - (Authentication) authentication); - } - - /** Authenticates on a remote node */ - public void setRemote(Boolean remote) { - this.remote = remote; - } - - /** - * Request anonymous authentication (incompatible with remote) - */ - public void setAnonymous(Boolean anonymous) { - this.anonymous = anonymous; - } - - /** Role identifying an anonymous user */ - public void setAnonymousRole(String anonymousRole) { - this.anonymousRole = anonymousRole; - } - - /** System key */ - public void setKey(String key) { - this.key = key; - } - - public void setAvailableLocales(String locales) { - this.availableLocales = locales; - } - -} diff --git a/org.argeo.security.core/src/org/argeo/security/login/AbstractSpringSecurityLoginModule.java b/org.argeo.security.core/src/org/argeo/security/login/AbstractSpringSecurityLoginModule.java new file mode 100644 index 000000000..923646f05 --- /dev/null +++ b/org.argeo.security.core/src/org/argeo/security/login/AbstractSpringSecurityLoginModule.java 
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.login;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.osgi.framework.BundleContext;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/** Login module which caches one subject per thread. */
+abstract class AbstractSpringSecurityLoginModule implements LoginModule {
+ private CallbackHandler callbackHandler;
+ private Subject subject;
+
+ protected abstract Authentication processLogin(
+ CallbackHandler callbackHandler) throws LoginException,
+ UnsupportedCallbackException, IOException, InterruptedException;
+
+ @SuppressWarnings("rawtypes")
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState, Map options) {
+ this.callbackHandler = callbackHandler;
+ this.subject = subject;
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ try {
+ // thread already logged in
+ Authentication currentAuth = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (currentAuth != null) {
+ if (subject.getPrincipals(Authentication.class).size() == 0) {
+ subject.getPrincipals().add(currentAuth);
+ } else {
+ Authentication principal = subject
+ .getPrincipals(Authentication.class).iterator()
+ .next();
+ if (principal != currentAuth)
+ throw new LoginException(
+ "Already authenticated with a different auth");
+ }
+ return true;
+ }
+
+ // reset all principals and credentials
+ // if (log.isTraceEnabled())
+ // log.trace("Resetting all principals and credentials of "
+ // + subject);
+ // subject.getPrincipals().clear();
+ // subject.getPrivateCredentials().clear();
+ // subject.getPublicCredentials().clear();
+
+ if (callbackHandler == null)
+ throw new LoginException("No callback handler available");
+
+ Authentication authentication = processLogin(callbackHandler);
+ if (authentication != null) {
+ SecurityContextHolder.getContext().setAuthentication(
+ authentication);
+ return true;
+ } else {
+ throw new LoginException("No authentication returned");
+ }
+ } catch (LoginException e) {
+ throw e;
+ } catch (ThreadDeath e) {
+ LoginException le = new LoginException(
+ "Spring Security login thread died");
+ le.initCause(e);
+ throw le;
+ } catch (Exception e) {
+ LoginException le = new LoginException(
+ "Spring Security login failed");
+ le.initCause(e);
+ throw le;
+ }
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ // subject.getPrincipals().clear();
+ return true;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ return true;
+ }
+
+ protected AuthenticationManager getAuthenticationManager(
+ BundleContextCallback bundleContextCallback) {
+ BundleContext bc = bundleContextCallback.getBundleContext();
+ return bc.getService(bc
+ .getServiceReference(AuthenticationManager.class));
+
+ }
+}
diff --git a/org.argeo.security.core/src/org/argeo/security/login/AnonymousLoginModule.java b/org.argeo.security.core/src/org/argeo/security/login/AnonymousLoginModule.java
new file mode 100644
index 000000000..e94c3e0fe
--- /dev/null
+++ b/org.argeo.security.core/src/org/argeo/security/login/AnonymousLoginModule.java
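Review bot: `login()` stores the new `Authentication` in `SecurityContextHolder` during the first JAAS phase, but `abort()` only returns `true`, so when a later module in the stack fails the thread keeps an authentication that the overall login rejected. This matters more because the top of `login()` returns `true` for any non-null `currentAuth` without calling `processLogin()`: the next login on that thread, for any of the configured contexts, is accepted on the strength of the leftover value. `abort()` should undo what this module set, as sketched below; `logout()` has the same gap, but it may run on a different thread than `login()`, so clearing there needs a decision about who owns the thread's context. The class comment `Login module which caches one subject per thread.` was copied from the removed `SpringLoginModule` and should describe the template-method role of `processLogin()` instead.

```java
	/** Set when this instance, not an earlier login, put the Authentication on the thread. */
	private boolean authenticationSetHere = false;

	// … unchanged: initialize(), reuse of an Authentication already on the thread …

			Authentication authentication = processLogin(callbackHandler);
			if (authentication != null) {
				SecurityContextHolder.getContext().setAuthentication(
						authentication);
				authenticationSetHere = true;
				return true;
			}

	// … unchanged: exception mapping, logout(), commit() …

	@Override
	public boolean abort() throws LoginException {
		// roll back phase 1 so a rejected login leaves nothing on the thread
		if (authenticationSetHere) {
			SecurityContextHolder.clearContext();
			authenticationSetHere = false;
		}
		return true;
	}
```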
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.login;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+import java.util.Locale;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.argeo.security.SecurityUtils;
+import org.argeo.util.LocaleCallback;
+import org.argeo.util.LocaleUtils;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+/** Login module which caches one subject per thread. */
+public class AnonymousLoginModule extends AbstractSpringSecurityLoginModule {
+ private String anonymousRole = "ROLE_ANONYMOUS";
+ /** Comma separated list of locales */
+ private String availableLocales = null;
+
+ @Override
+ protected Authentication processLogin(CallbackHandler callbackHandler)
+ throws LoginException, UnsupportedCallbackException, IOException,
+ InterruptedException {
+ BundleContextCallback bundleContextCallback = new BundleContextCallback();
+ Locale selectedLocale = null;
+ // multi locale
+ if (availableLocales != null && !availableLocales.trim().equals("")) {
+ LocaleCallback localeCallback = new LocaleCallback(availableLocales);
+ callbackHandler.handle(new Callback[] { localeCallback,
+ bundleContextCallback });
+ selectedLocale = localeCallback.getSelectedLocale();
+ } else {
+ callbackHandler.handle(new Callback[] { bundleContextCallback });
+ }
+
+ List authorities = Collections
+ .singletonList(new SimpleGrantedAuthority(anonymousRole));
+ AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken(
+ SecurityUtils.getStaticKey(), null, authorities);
+
+ Authentication auth = getAuthenticationManager(bundleContextCallback)
+ .authenticate(anonymousToken);
+
+ if (selectedLocale != null)
+ LocaleUtils.threadLocale.set(selectedLocale);
+ return auth;
+ }
+}
diff --git a/org.argeo.security.core/src/org/argeo/security/core/BundleContextCallback.java b/org.argeo.security.core/src/org/argeo/security/login/BundleContextCallback.java
similarity index 92%
rename from org.argeo.security.core/src/org/argeo/security/core/BundleContextCallback.java
rename to org.argeo.security.core/src/org/argeo/security/login/BundleContextCallback.java
index 51831fdbb..cf32af55c 100644
--- a/org.argeo.security.core/src/org/argeo/security/core/BundleContextCallback.java
+++ b/org.argeo.security.core/src/org/argeo/security/login/BundleContextCallback.java
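Review bot: `new AnonymousAuthenticationToken(SecurityUtils.getStaticKey(), null, authorities)` passes `null` as the principal, and the Spring Security constructor as I know it rejects a null or empty principal with `IllegalArgumentException`. If that holds for the version in use, the base class wraps it into `Spring Security login failed` and every ANONYMOUS login fails. The removed `SpringLoginModule` passed `UUID.randomUUID().toString()` here, so keeping a non-null principal such as `SecurityUtils.getStaticKey(), UUID.randomUUID().toString(), authorities` restores the earlier behaviour. `availableLocales` is initialised to `null` and the class has no setter, so the locale branch cannot run as written. The class comment should read `/** Authenticates an anonymous user */` rather than the text copied from the removed module.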
@@ -1,4 +1,4 @@
-package org.argeo.security.core;
+package org.argeo.security.login;
 import javax.security.auth.callback.Callback;
diff --git a/org.argeo.security.core/src/org/argeo/security/login/BundleContextCallbackHandler.java b/org.argeo.security.core/src/org/argeo/security/login/BundleContextCallbackHandler.java
new file mode 100644
index 000000000..3c7f9e844
--- /dev/null
+++ b/org.argeo.security.core/src/org/argeo/security/login/BundleContextCallbackHandler.java
@@ -0,0 +1,41 @@
+package org.argeo.security.login;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.osgi.framework.BundleContext;
+
+/**
+ * {@link CallbackHandler} that simply wraps a {@link BundleContext} and inject
+ * it in provided {@link BundleContextCallback}
+ */
+public class BundleContextCallbackHandler implements CallbackHandler {
+ private BundleContext bundleContext;
+
+ public BundleContextCallbackHandler() {
+ }
+
+ public BundleContextCallbackHandler(BundleContext bundleContext) {
+ super();
+ this.bundleContext = bundleContext;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof BundleContextCallback)
+ ((BundleContextCallback) callback)
+ .setBundleContext(bundleContext);
+ }
+
+ }
+
+ public void setBundleContext(BundleContext bundleContext) {
+ this.bundleContext = bundleContext;
+ }
+
+}
diff --git a/org.argeo.security.core/src/org/argeo/security/login/EndUserLoginModule.java b/org.argeo.security.core/src/org/argeo/security/login/EndUserLoginModule.java
new file mode 100644
index 000000000..d89643919
--- /dev/null
+++ b/org.argeo.security.core/src/org/argeo/security/login/EndUserLoginModule.java
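Review bot: `handle()` in `BundleContextCallbackHandler` silently skips every callback that is not a `BundleContextCallback`, although the method declares `UnsupportedCallbackException`, so a login module that asks this handler for a name or password gets untouched callbacks back instead of an error. If skipping is intended so one handler can serve several modules, the Javadoc should say so; otherwise add `else throw new UnsupportedCallbackException(callback);`. The no-argument constructor also lets the handler inject a null `bundleContext`, which presumably only surfaces later as a `NullPointerException` in `getAuthenticationManager`. A check such as `if (bundleContext == null) throw new IOException("No bundle context set");` at the top of `handle()` would report the misconfiguration where it happens.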
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.login;
+
+import java.io.IOException;
+import java.util.Locale;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.util.LocaleCallback;
+import org.argeo.util.LocaleUtils;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+
+/** Authenticates an end user */
+public class EndUserLoginModule extends AbstractSpringSecurityLoginModule {
+ final static String NODE_REPO_URI = "argeo.node.repo.uri";
+
+ private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
+
+ private Boolean remote = false;
+ /** Comma separated list of locales */
+ private String availableLocales = "";
+
+ @Override
+ protected Authentication processLogin(CallbackHandler callbackHandler)
+ throws LoginException, UnsupportedCallbackException, IOException,
+ InterruptedException {
+ // ask for username and password
+ NameCallback nameCallback = new NameCallback("User");
+ PasswordCallback passwordCallback = new
PasswordCallback("Password",
+ false);
+ final String defaultNodeUrl = System.getProperty(NODE_REPO_URI,
+ "http://localhost:7070/org.argeo.jcr.webapp/remoting/node");
+ NameCallback urlCallback = new NameCallback("Site URL", defaultNodeUrl);
+ LocaleCallback localeCallback = new LocaleCallback(availableLocales);
+ BundleContextCallback bundleContextCallback = new BundleContextCallback();
+
+ // handle callbacks
+ if (remote)
+ callbackHandler.handle(new Callback[] { nameCallback,
+ passwordCallback, urlCallback, localeCallback,
+ bundleContextCallback });
+ else
+ callbackHandler.handle(new Callback[] { nameCallback,
+ passwordCallback, localeCallback, bundleContextCallback });
+
+ Locale selectedLocale = localeCallback.getSelectedLocale();
+
+ // create credentials
+ final String username = nameCallback.getName();
+ if (username == null || username.trim().equals(""))
+ throw new LoginCanceledException();
+
+ char[] password = {};
+ if (passwordCallback.getPassword() != null)
+ password = passwordCallback.getPassword();
+
+ NodeAuthenticationToken credentials;
+ if (remote) {
+ String url = urlCallback.getName();
+ credentials = new NodeAuthenticationToken(username, password, url);
+ } else {
+ credentials = new NodeAuthenticationToken(username, password);
+ }
+
+ Authentication auth;
+ try {
+ auth = getAuthenticationManager(bundleContextCallback)
+ .authenticate(credentials);
+ } catch (BadCredentialsException e) {
+ // wait between failed login attempts
+ Thread.sleep(waitBetweenFailedLoginAttempts);
+ throw e;
+ }
+ if (selectedLocale != null)
+ LocaleUtils.threadLocale.set(selectedLocale);
+
+ return auth;
+ }
+}
diff --git a/org.argeo.security.core/src/org/argeo/security/login/LoginCanceledException.java b/org.argeo.security.core/src/org/argeo/security/login/LoginCanceledException.java
new file mode 100644
index 000000000..5629e2e25
--- /dev/null
+++ b/org.argeo.security.core/src/org/argeo/security/login/LoginCanceledException.java
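Review bot: The failed-login delay in `EndUserLoginModule.processLogin` sits only in the `catch (BadCredentialsException e)` branch and is a `Thread.sleep(waitBetweenFailedLoginAttempts)` on the calling thread. It slows a single attempt but does not bound parallel attempts, and it holds a thread for five seconds per failure. Any other authentication failure thrown by `authenticate(credentials)` propagates without the delay, which makes failure kinds distinguishable by timing if the configured providers raise them. Consider catching Spring's `AuthenticationException` for the delay and keeping a per-account or per-source failure count in the authentication layer rather than relying on the sleep. Separately, the copy of the password held by the callback is never wiped; `passwordCallback.clearPassword();` in a `finally` around the `authenticate` call would do that without touching the array handed to `NodeAuthenticationToken`.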
@@ -0,0 +1,8 @@
+package org.argeo.security.login;
+
+import javax.security.auth.login.LoginException;
+
+public class LoginCanceledException extends LoginException {
+ private static final long serialVersionUID = 8289162094013471043L;
+
+}
diff --git a/org.argeo.security.core/src/org/argeo/security/login/SystemLoginModule.java b/org.argeo.security.core/src/org/argeo/security/login/SystemLoginModule.java
new file mode 100644
index 000000000..b1b1d3434
--- /dev/null
+++ b/org.argeo.security.core/src/org/argeo/security/login/SystemLoginModule.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.login;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.argeo.security.SecurityUtils;
+import org.argeo.security.core.InternalAuthentication;
+import org.springframework.security.core.Authentication;
+
+/** Login module which caches one subject per thread. */
+public class SystemLoginModule extends AbstractSpringSecurityLoginModule {
+ @Override
+ protected Authentication processLogin(CallbackHandler callbackHandler)
+ throws LoginException, UnsupportedCallbackException, IOException,
+ InterruptedException {
+ BundleContextCallback bundleContextCallback = new BundleContextCallback();
+ callbackHandler.handle(new Callback[] { bundleContextCallback });
+ InternalAuthentication anonymousToken = new InternalAuthentication(
+ SecurityUtils.getStaticKey());
+ return getAuthenticationManager(bundleContextCallback).authenticate(
+ anonymousToken);
+ }
+}
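Review bot: `SystemLoginModule.processLogin` builds an `InternalAuthentication` from `SecurityUtils.getStaticKey()` and asks the caller for nothing beyond a `BundleContextCallback`, so whatever code can open a login context on the JAAS entry using this module obtains the system identity. The class comment should state that and name what restricts access to that entry. The same `getStaticKey()` value also backs the `AnonymousAuthenticationToken` in `AnonymousLoginModule`; if the key is a fixed value, as the name suggests, it is worth confirming in the provider that the anonymous and system tokens cannot be confused. The current Javadoc, `Login module which caches one subject per thread.`, does not match the body, which caches nothing, and the local `anonymousToken` actually holds the system token. I would use `/** Authenticates the calling code as the system (internal) user; performs no credential check. */` and rename the local to `systemToken`.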
diff --git a/org.argeo.security.core/src/org/argeo/security/core/UserAdminLoginModule.java b/org.argeo.security.core/src/org/argeo/security/login/UserAdminLoginModule.java similarity index 97% rename from org.argeo.security.core/src/org/argeo/security/core/UserAdminLoginModule.java rename to org.argeo.security.core/src/org/argeo/security/login/UserAdminLoginModule.java index 16bc623d6..530c0608e 100644 --- a/org.argeo.security.core/src/org/argeo/security/core/UserAdminLoginModule.java +++ b/org.argeo.security.core/src/org/argeo/security/login/UserAdminLoginModule.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.argeo.security.core; +package org.argeo.security.login; import java.util.Locale; import java.util.Map; @@ -27,6 +27,7 @@ import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import org.argeo.jcr.ArgeoNames; +import org.argeo.security.core.AuthorizationPrincipal; import org.argeo.util.LocaleCallback; import org.argeo.util.LocaleUtils; import org.osgi.framework.BundleContext; @@ -52,6 +53,7 @@ public class UserAdminLoginModule implements LoginModule { private AuthorizationPrincipal auth = null; private Locale selectedLocale = null; + @SuppressWarnings("unused") private LdapShaPasswordEncoder shaPasswordEncoder = new LdapShaPasswordEncoder(); public UserAdminLoginModule() { diff --git a/org.argeo.security.ui.rap/META-INF/jaas_default.txt b/org.argeo.security.ui.rap/META-INF/jaas_default.txt deleted file mode 100644 index c74797b93..000000000 --- a/org.argeo.security.ui.rap/META-INF/jaas_default.txt +++ /dev/null 
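Review bot: The `@SuppressWarnings("unused")` added to `shaPasswordEncoder` in the last hunk of `UserAdminLoginModule` silences the warning about a field the module never reads instead of resolving it. If password verification here is meant to go through `LdapShaPasswordEncoder`, the field should be wired in. If not, removing the field and its import is cleaner than suppressing, and a one-line comment on how the module checks passwords would help the next reader. The class body lies outside the hunk, so which of the two applies cannot be told from here.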
@@ -1,23 +0,0 @@ -UNIX { - org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient - extensionId="org.argeo.security.equinox.unixLoginModule"; -}; - -SPRING { - org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient - extensionId="org.argeo.security.equinox.springLoginModule"; -}; - -SPRING_ANONYMOUS { - org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient - extensionId="org.argeo.security.equinox.anonymousSpringLoginModule"; -}; - -SPRING_SECURITY_CONTEXT { - org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient - extensionId="org.argeo.security.equinox.springSecurityContextLoginModule"; -}; - -KEYRING { - org.argeo.security.crypto.KeyringLoginModule required; -}; diff --git a/org.argeo.security.ui.rap/bnd.bnd b/org.argeo.security.ui.rap/bnd.bnd index 56feea8cc..bbccd8db5 100644 --- a/org.argeo.security.ui.rap/bnd.bnd +++ b/org.argeo.security.ui.rap/bnd.bnd @@ -8,4 +8,5 @@ org.springframework.security.authentication.jaas,\ org.springframework.core,\ org.argeo.eclipse.spring,\ org.argeo.eclipse.ui.specific,\ +org.argeo.cms,\ * diff --git a/org.argeo.security.ui.rap/pom.xml b/org.argeo.security.ui.rap/pom.xml index 37492bb56..6fbf0026a 100644 --- a/org.argeo.security.ui.rap/pom.xml +++ b/org.argeo.security.ui.rap/pom.xml @@ -26,5 +26,10 @@ org.argeo.eclipse.ui.rap 2.1.17-SNAPSHOT + + org.argeo.commons + org.argeo.cms + 2.1.17-SNAPSHOT + \ No newline at end of file diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java index 4977815ae..ac0007acf 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java 
@@ -15,26 +15,22 @@ */ package org.argeo.security.ui.rap; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.eclipse.rap.rwt.RWT; -import org.eclipse.rap.rwt.application.IEntryPoint; -import org.eclipse.swt.widgets.Display; -import org.eclipse.ui.PlatformUI; +import org.eclipse.rap.rwt.application.EntryPoint; /** * RAP entry point which authenticates the subject as anonymous, for public * unauthenticated access. */ -public class AnonymousEntryPoint implements IEntryPoint { - private final static Log log = LogFactory.getLog(AnonymousEntryPoint.class); +public class AnonymousEntryPoint implements EntryPoint { + // private final static Log log = + // LogFactory.getLog(AnonymousEntryPoint.class); /** * How many seconds to wait before invalidating the session if the user has * not yet logged in. */ private Integer loginTimeout = 1 * 60; - private Integer sessionTimeout = 15 * 60; @Override public int createUI() { 
@@ -42,70 +38,70 @@ public class AnonymousEntryPoint implements IEntryPoint { // around too long RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); - if (log.isDebugEnabled()) - log.debug("Anonymous THREAD=" + Thread.currentThread().getId() - + ", sessionStore=" + RWT.getSessionStore().getId()); + // if (log.isDebugEnabled()) + // log.debug("Anonymous THREAD=" + Thread.currentThread().getId() + // + ", sessionStore=" + RWT.getSessionStore().getId()); // create display - final Display display = PlatformUI.createDisplay(); + // final Display display = PlatformUI.createDisplay(); // log in -// final ILoginContext loginContext = SecureRapActivator -// .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); -// Subject subject = null; -// try { -// loginContext.login(); -// subject = loginContext.getSubject(); -// } catch (LoginException e) { -// throw new ArgeoException( -// "Unexpected exception during authentication", e); -// } -// -// // identify after successful login -// if (log.isDebugEnabled()) -// log.debug("Authenticated " + subject); -// final String username = subject.getPrincipals().iterator().next() -// .getName(); -// -// // Once the user is logged in, she can have a longer session timeout -// RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); -// -// // Logout callback when the display is disposed -// display.disposeExec(new Runnable() { -// public void run() { -// log.debug("Display disposed"); -// logout(loginContext, username); -// } -// }); -// -// // -// // RUN THE WORKBENCH -// // -// Integer returnCode = null; -// try { -// returnCode = Subject.doAs(subject, new PrivilegedAction() { -// public Integer run() { -// RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( -// null); -// int result = PlatformUI.createAndRunWorkbench(display, -// workbenchAdvisor); -// return new Integer(result); -// } -// }); -// logout(loginContext, username); -// } finally { -// display.dispose(); -// } + // final 
ILoginContext loginContext = SecureRapActivator + // .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); + // Subject subject = null; + // try { + // loginContext.login(); + // subject = loginContext.getSubject(); + // } catch (LoginException e) { + // throw new ArgeoException( + // "Unexpected exception during authentication", e); + // } + // + // // identify after successful login + // if (log.isDebugEnabled()) + // log.debug("Authenticated " + subject); + // final String username = subject.getPrincipals().iterator().next() + // .getName(); + // + // // Once the user is logged in, she can have a longer session timeout + // RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); + // + // // Logout callback when the display is disposed + // display.disposeExec(new Runnable() { + // public void run() { + // log.debug("Display disposed"); + // logout(loginContext, username); + // } + // }); + // + // // + // // RUN THE WORKBENCH + // // + // Integer returnCode = null; + // try { + // returnCode = Subject.doAs(subject, new PrivilegedAction() { + // public Integer run() { + // RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( + // null); + // int result = PlatformUI.createAndRunWorkbench(display, + // workbenchAdvisor); + // return new Integer(result); + // } + // }); + // logout(loginContext, username); + // } finally { + // display.dispose(); + // } return 1; } -// private void logout(ILoginContext secureContext, String username) { -// try { -// secureContext.logout(); -// log.info("Logged out " + (username != null ? username : "") -// + " (THREAD=" + Thread.currentThread().getId() + ")"); -// } catch (LoginException e) { -// log.error("Erorr when logging out", e); -// } -// } + // private void logout(ILoginContext secureContext, String username) { + // try { + // secureContext.logout(); + // log.info("Logged out " + (username != null ? 
username : "") + // + " (THREAD=" + Thread.currentThread().getId() + ")"); + // } catch (LoginException e) { + // log.error("Erorr when logging out", e); + // } + // } } diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/NullEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/NullEntryPoint.java index 811cc2821..002bd647f 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/NullEntryPoint.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/NullEntryPoint.java @@ -15,13 +15,13 @@ */ package org.argeo.security.ui.rap; -import org.eclipse.rap.rwt.application.IEntryPoint; +import org.eclipse.rap.rwt.application.EntryPoint; import org.eclipse.ui.PlatformUI; /** * RAP entry point which does doesing except creating the display */ -public class NullEntryPoint implements IEntryPoint { +public class NullEntryPoint implements EntryPoint { @Override public int createUI() { // create display diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/RapWindowAdvisor.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/RapWindowAdvisor.java index eb1dd80ee..05f4787f0 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/RapWindowAdvisor.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/RapWindowAdvisor.java @@ -63,6 +63,8 @@ public class RapWindowAdvisor extends WorkbenchWindowAdvisor { // Handle window resize in Rap 2.1+ see // https://bugs.eclipse.org/bugs/show_bug.cgi?id=417254 Display.getCurrent().addListener(SWT.Resize, new Listener() { + private static final long serialVersionUID = 2970912561866704526L; + @Override public void handleEvent(Event event) { Rectangle bounds = event.display.getBounds(); diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java index d78cdd15d..65657dc66 100644 
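Review bot: The class Javadoc (context of the first hunk) still says `AnonymousEntryPoint` authenticates the subject as anonymous, but on the new side `createUI()` only calls `setMaxInactiveInterval(loginTimeout)` and returns 1. The login, the `Subject.doAs` workbench run and the logout hook stay commented out; this hunk merely re-indents them and additionally comments out the logging and the display creation. Since the first hunk removes `sessionTimeout`, the 60-second `loginTimeout` is now the only session limit this entry point sets. I would delete the commented block, state the status instead, e.g. `// TODO: anonymous login not yet ported to the JAAS login modules; this entry point performs no authentication`, and adjust the Javadoc to match. `createUI()` starts before this hunk.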
--- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -26,7 +26,9 @@ import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; +import org.argeo.cms.KernelHeader; import org.argeo.eclipse.ui.workbench.ErrorFeedback; +import org.argeo.security.login.LoginCanceledException; import org.argeo.security.ui.dialogs.DefaultLoginDialog; import org.argeo.util.LocaleUtils; import org.eclipse.jface.dialogs.MessageDialog; @@ -92,21 +94,16 @@ public class SecureEntryPoint implements EntryPoint { Subject subject = new Subject(); // log in - // BundleContext bc = - // SecureRapActivator.getActivator().getBundleContext(); Thread.currentThread().setContextClassLoader( getClass().getClassLoader()); final LoginContext loginContext; try { - loginContext = new LoginContext(SPRING_SECURITY_CONTEXT_KEY, + loginContext = new LoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject, new DefaultLoginDialog(display.getActiveShell())); } catch (LoginException e1) { throw new ArgeoException("Cannot initialize login context", e1); } - // final LoginModule loginModule = bc.getService(bc - // .getServiceReference(LoginModule.class)); - // loginModule.initialize(subject, - // new DefaultLoginDialog(display.getActiveShell()), null, null); + tryLogin: while (subject.getPrincipals(Authentication.class).size() == 0) { try { loginContext.login(); @@ -204,6 +201,9 @@ public class SecureEntryPoint implements EntryPoint { if (t instanceof BadCredentialsException) return (BadCredentialsException) t; + if (t instanceof LoginCanceledException) + return new BadCredentialsException("Login canceled"); + if (t.getCause() != null) return wasCausedByBadCredentials(t.getCause()); else 
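Review bot: In `wasCausedByBadCredentials` (last hunk) a `LoginCanceledException` is converted to `new BadCredentialsException("Login canceled")` without its cause. A cancelled dialog, which `EndUserLoginModule` also raises for an empty user name, therefore looks like a rejected password to whatever consumes the result (logging, the message shown, any failure counting); the caller is outside the hunk, so the effect there is inferred. Passing the original exception keeps the distinction available for diagnostics: `return new BadCredentialsException("Login canceled", t);`. If treating cancellation as a failed attempt is intended, a comment such as `// cancellation is reported as bad credentials so the login loop handles it like a failed attempt` would document it. The method starts and ends outside the hunk.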
diff --git a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java index 7cb799026..1364eeb91 100644 --- a/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java +++ b/org.argeo.security.ui.rap/src/org/argeo/security/ui/rap/SecureRapActivator.java @@ -20,11 +20,7 @@ import org.osgi.framework.BundleContext; /** Configure Equinox login context from the bundle context. */ public class SecureRapActivator implements BundleActivator { - public final static String ID = "org.argeo.security.ui.rap"; - public final static String CONTEXT_SPRING = "SPRING"; - public final static String CONTEXT_SPRING_ANONYMOUS = "SPRING_ANONYMOUS"; - private static final String JAAS_CONFIG_FILE = "/META-INF/jaas_default.txt"; private BundleContext bundleContext; private static SecureRapActivator activator = null; @@ -46,10 +42,4 @@ public class SecureRapActivator implements BundleActivator { public static SecureRapActivator getActivator() { return activator; } - -// static ILoginContext createLoginContext(String contextName) { -// URL configUrl = getActivator().getBundleContext().getBundle() -// .getEntry(JAAS_CONFIG_FILE); -// return LoginContextFactory.createContext(contextName, configUrl); -// } } -- 2.30.2