001: /**
002: * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
003: *
004: * Permission is hereby granted, free of charge, to any person obtaining a copy
005: * of this software and associated documentation files (the "Software"), to deal
006: * in the Software without restriction, including without limitation the rights
007: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
008: * copies of the Software, and to permit persons to whom the Software is
009: * furnished to do so, subject to the following conditions:
010: *
011: * The above copyright notice and this permission notice shall be included in
012: * all copies or substantial portions of the Software.
013: *
014: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
015: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
016: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
017: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
018: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
019: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
020: * SOFTWARE.
021: */package com.liferay.portal.security.jaas.ext;
022:
023: import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
024: import com.liferay.portal.kernel.util.GetterUtil;
025: import com.liferay.portal.kernel.util.StringPool;
026: import com.liferay.portal.service.UserLocalServiceUtil;
027:
028: import java.io.IOException;
029:
030: import java.security.Principal;
031:
032: import java.util.Map;
033:
034: import javax.security.auth.Subject;
035: import javax.security.auth.callback.Callback;
036: import javax.security.auth.callback.CallbackHandler;
037: import javax.security.auth.callback.NameCallback;
038: import javax.security.auth.callback.PasswordCallback;
039: import javax.security.auth.callback.UnsupportedCallbackException;
040: import javax.security.auth.login.LoginException;
041: import javax.security.auth.spi.LoginModule;
042:
043: import org.apache.commons.logging.Log;
044: import org.apache.commons.logging.LogFactory;
045:
046: /**
047: * <a href="BasicLoginModule.java.html"><b><i>View Source</i></b></a>
048: *
049: * @author Brian Wing Shun Chan
050: *
051: */
052: public class BasicLoginModule implements LoginModule {
053:
054: public boolean abort() {
055: return true;
056: }
057:
058: public boolean commit() {
059: if (getPrincipal() != null) {
060: getSubject().getPrincipals().add(getPrincipal());
061:
062: return true;
063: } else {
064: return false;
065: }
066: }
067:
068: public void initialize(Subject subject,
069: CallbackHandler callbackHandler, Map sharedState,
070: Map options) {
071:
072: _subject = subject;
073: _callbackHandler = callbackHandler;
074: }
075:
076: public boolean login() throws LoginException {
077: String[] credentials = null;
078:
079: try {
080: credentials = authenticate();
081: } catch (Exception e) {
082: _log.error(e.getMessage());
083:
084: throw new LoginException();
085: }
086:
087: if ((credentials != null) && (credentials.length == 2)) {
088: setPrincipal(getPortalPrincipal(credentials[0]));
089: setPassword(credentials[1]);
090:
091: return true;
092: } else {
093: throw new LoginException();
094: }
095: }
096:
097: public boolean logout() {
098: getSubject().getPrincipals().clear();
099:
100: return true;
101: }
102:
103: protected Subject getSubject() {
104: return _subject;
105: }
106:
107: protected Principal getPrincipal() {
108: return _principal;
109: }
110:
111: protected void setPrincipal(Principal principal) {
112: _principal = principal;
113: }
114:
115: protected Principal getPortalPrincipal(String name) {
116: return new PortalPrincipal(name);
117: }
118:
119: protected String getPassword() {
120: return _password;
121: }
122:
123: protected void setPassword(String password) {
124: _password = password;
125: }
126:
127: protected String[] authenticate() throws IOException,
128: UnsupportedCallbackException {
129:
130: NameCallback nameCallback = new NameCallback("name: ");
131: PasswordCallback passwordCallback = new PasswordCallback(
132: "password: ", false);
133:
134: _callbackHandler.handle(new Callback[] { nameCallback,
135: passwordCallback });
136:
137: String name = nameCallback.getName();
138:
139: String password = null;
140: char[] passwordChar = passwordCallback.getPassword();
141:
142: if (passwordChar != null) {
143: password = new String(passwordChar);
144: }
145:
146: if (name == null) {
147: return new String[] { StringPool.BLANK, StringPool.BLANK };
148: }
149:
150: try {
151: long userId = GetterUtil.getLong(name);
152:
153: if (UserLocalServiceUtil.authenticateForJAAS(userId,
154: password)) {
155: return new String[] { name, password };
156: }
157: } catch (Exception e) {
158: _log.error(e, e);
159: }
160:
161: return null;
162: }
163:
164: private static Log _log = LogFactory.getLog(BasicLoginModule.class);
165:
166: private Subject _subject;
167: private CallbackHandler _callbackHandler;
168: private Principal _principal;
169: private String _password;
170:
171: }
|