KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > exoplatform > services > security > jaas > BasicLoginModule


1 /*
2  * Copyright 2001-2003 The eXo platform SARL All rights reserved.
3  * Please look at license.txt in info directory for more license detail.
4  */
5 package org.exoplatform.services.security.jaas;
6
7 import org.apache.commons.logging.Log;
8 import org.exoplatform.container.PortalContainer;
9 import org.exoplatform.container.RootContainer;
10 import org.exoplatform.services.database.HibernateService;
11 import org.exoplatform.services.exception.ExoServiceException;
12 import org.exoplatform.services.security.SecurityService;
13
14 import javax.security.auth.Subject JavaDoc;
15 import javax.security.auth.callback.Callback JavaDoc;
16 import javax.security.auth.callback.CallbackHandler JavaDoc;
17 import javax.security.auth.callback.NameCallback JavaDoc;
18 import javax.security.auth.callback.PasswordCallback JavaDoc;
19 import javax.security.auth.login.LoginException JavaDoc;
20 import javax.security.auth.spi.LoginModule JavaDoc;
21 import java.util.Map JavaDoc;
22
23 /**
24  * Created y the eXo platform team
25  * User: Benjamin Mestrallet
26  * Date: 28 avr. 2004
27  */
28 public class BasicLoginModule implements LoginModule JavaDoc {
29
30   private static final String JavaDoc DEFAULT_DOMAIN = "portal";
31
32   private SecurityService securityService_;
33   private boolean success_;
34   private String JavaDoc username_;
35   private Subject JavaDoc subject_;
36   private String JavaDoc portalDomain_ ;
37   private CallbackHandler JavaDoc callbackHandler_;
38   private Map JavaDoc sharedState_;
39   private Log log_ ;
40
41   public BasicLoginModule() {
42     this.success_ = false;
43     this.username_ = null;
44   }
45
46   public void initialize(Subject JavaDoc subject, CallbackHandler JavaDoc callbackHandler,
47                          Map JavaDoc sharedState, Map JavaDoc options) {
48     this.subject_ = subject;
49     this.callbackHandler_ = callbackHandler;
50     this.sharedState_ = sharedState;
51   }
52
53   public boolean login() throws LoginException JavaDoc {
54     if (callbackHandler_ == null) {
55       throw new LoginException JavaDoc("CallbackHandler null");
56     }
57     Callback JavaDoc[] callbacks = new Callback JavaDoc[2];
58     callbacks[0] = new NameCallback JavaDoc("Username: ");
59     callbacks[1] = new PasswordCallback JavaDoc("Password: ", false);
60     try {
61       // prompt for username and password
62 callbackHandler_.handle(callbacks);
63       username_ = ((NameCallback JavaDoc) callbacks[0]).getName();
64       String JavaDoc identifier = new String JavaDoc(((PasswordCallback JavaDoc) callbacks[1]).getPassword());
65
66       int split = identifier.lastIndexOf("@");
67       String JavaDoc password;
68       if(split == 0) { // no password in password callback - login will be unsuccessful
69 password = null;
70         portalDomain_ = identifier.substring(split +1);
71       } else if(split == -1) { // no Domain in password callback - default domain
72 password = identifier;
73         portalDomain_ = DEFAULT_DOMAIN;
74       } else {
75         password = identifier.substring(0, split);
76         portalDomain_ = identifier.substring(split +1);
77       }
78       PortalContainer pcontainer = RootContainer.getInstance().getPortalContainer(portalDomain_);
79       PortalContainer.setInstance(pcontainer) ;
80       securityService_ =
81         (SecurityService) pcontainer.getComponentInstanceOfType(SecurityService.class);
82       log_ = securityService_.getLog() ;
83       
84       if (username_ == null) {
85         log_.debug("No user name entered");
86         success_ = false;
87         return false;
88       }
89       if (password == null) {
90         log_.debug("No password entered");
91         success_ = false;
92         return false;
93       }
94       // share username and password with other LoginModules
95 sharedState_.put("javax.security.auth.login.name", username_);
96       sharedState_.put("javax.security.auth.login.password", password);
97       
98       ((PasswordCallback JavaDoc) callbacks[1]).clearPassword();
99       success_ = securityService_.authenticate(this.username_, password);
100       if (!success_) {
101         log_.debug("Authentication failed");
102         throw new LoginException JavaDoc("Authentication failed");
103       }
104       subject_.getPrivateCredentials().add(password);
105       return true;
106     } catch (Exception JavaDoc e) {
107       e.printStackTrace();
108       log_.error("error while trying to login", e);
109       throw new LoginException JavaDoc("Authentication failed");
110     } finally {
111       HibernateService hservice =
112         (HibernateService) PortalContainer.getComponent(HibernateService.class) ;
113       hservice.closeSession() ;
114       PortalContainer.setInstance(null) ;
115     }
116   }
117
118   public boolean commit() throws LoginException JavaDoc {
119     if (success_) {
120       try {
121         PortalContainer pcontainer =
122           RootContainer.getInstance().getPortalContainer(portalDomain_);
123         PortalContainer.setInstance(pcontainer) ;
124         securityService_.setUpAndCacheSubject(username_, subject_);
125       } catch (ExoServiceException e) {
126         throw new LoginException JavaDoc("error while filling subject with Principal in commit() " +
127                                  "of BasicLoginModule");
128       } finally {
129         HibernateService hservice =
130           (HibernateService) PortalContainer.getComponent(HibernateService.class) ;
131         hservice.closeSession() ;
132         PortalContainer.setInstance(null) ;
133       }
134     }
135     return success_;
136   }
137
138   public boolean abort() throws LoginException JavaDoc {
139     log_.debug("call abort()") ;
140     clear();
141     if(success_)
142       return true;
143     return false;
144   }
145
146   public boolean logout() throws LoginException JavaDoc {
147     log_.debug("logout user: " + username_ ) ;
148     securityService_.removeSubject(username_);
149     clear();
150     return true;
151   }
152
153   private void clear() {
154     subject_.getPrincipals().clear();
155     subject_.getPrivateCredentials().clear();
156     subject_.getPublicCredentials().clear();
157     username_ = null;
158   }
159 }
Popular Tags