001: /*
002: JSPWiki - a JSP-based WikiWiki clone.
003:
004: Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
005:
006: This program is free software; you can redistribute it and/or modify
007: it under the terms of the GNU Lesser General Public License as published by
008: the Free Software Foundation; either version 2.1 of the License, or
009: (at your option) any later version.
010:
011: This program is distributed in the hope that it will be useful,
012: but WITHOUT ANY WARRANTY; without even the implied warranty of
013: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
014: GNU Lesser General Public License for more details.
015:
016: You should have received a copy of the GNU Lesser General Public License
017: along with this program; if not, write to the Free Software
018: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
019: */
020: package com.ecyrd.jspwiki.auth.login;
021:
022: import java.io.IOException;
023:
024: import javax.security.auth.callback.Callback;
025: import javax.security.auth.callback.UnsupportedCallbackException;
026: import javax.security.auth.login.LoginException;
027: import javax.servlet.http.HttpServletRequest;
028: import javax.servlet.http.HttpSession;
029:
030: import org.apache.log4j.Logger;
031:
032: import com.ecyrd.jspwiki.auth.WikiPrincipal;
033: import com.ecyrd.jspwiki.auth.authorize.Role;
034:
/**
 * <p>
 * Logs in a user based solely on IP address; no other authentication is
 * performed. Barring a mis-configuration or I/O error, this LoginModule
 * <em>always</em> succeeds.
 * </p>
 * <p>
 * This module must be used with a CallbackHandler (such as
 * {@link WebContainerCallbackHandler}) that supports the following Callback
 * types:
 * </p>
 * <ol>
 * <li>{@link HttpRequestCallback} - supplies the IP address, which is used as
 * a backup in case no name is supplied.</li>
 * </ol>
 * <p>
 * After authentication, a generic WikiPrincipal based on the IP address will be
 * created and associated with the Subject. Principals
 * {@link com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
 * {@link com.ecyrd.jspwiki.auth.authorize.Role#ANONYMOUS} will be added.
 * </p>
 * @see javax.security.auth.spi.LoginModule#commit()
 * @author Andrew Jaquith
 * @since 2.3
 */
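public class AnonymousLoginModule extends AbstractLoginModule {

    /**
     * Bogus prompt sent to the callback handler.
     */
    public static final String PROMPT = "User name";

    protected static final Logger log = Logger
            .getLogger(AnonymousLoginModule.class);

    /**
     * Logs in the user by calling back to the registered CallbackHandler with an
     * HttpRequestCallback. The CallbackHandler must supply the current servlet
     * HTTP request as its response.
     * <p>
     * The identity established here is nothing more than the remote address the
     * servlet container reports via {@code request.getRemoteAddr()}. It is not
     * an authenticated identity: behind a reverse proxy or load balancer the
     * reported address is normally the proxy's own, and the principal created
     * from it must not be relied on for any access decision beyond the
     * anonymous role it carries.
     * </p>
     * @return the result of the login; this will always be <code>false</code>
     * if the Subject's Principal set already contains either
     * {@link Role#ASSERTED} or {@link Role#AUTHENTICATED}, or if the callback
     * handler reports an I/O error; otherwise, always returns <code>true</code>.
     * @throws LoginException if the callback handler does not support
     * {@link HttpRequestCallback}; the original exception is attached as the
     * cause
     * @see javax.security.auth.spi.LoginModule#login()
     */
    public boolean login() throws LoginException {
        // If already logged in or asserted, ignore this login module
        if (m_subject.getPrincipals().contains(Role.AUTHENTICATED)
                || m_subject.getPrincipals().contains(Role.ASSERTED)) {
            // If login ignored, remove anonymous role
            m_principalsToRemove.add(Role.ANONYMOUS);
            return false;
        }

        // Otherwise, let's go and make a Principal based on the IP address
        HttpRequestCallback hcb = new HttpRequestCallback();
        Callback[] callbacks = new Callback[] { hcb };
        try {
            m_handler.handle(callbacks);
            HttpServletRequest request = hcb.getRequest();
            WikiPrincipal ipAddr = new WikiPrincipal(request
                    .getRemoteAddr());
            if (log.isDebugEnabled()) {
                // NOTE(review): the session ID is a bearer credential. It is only
                // written at DEBUG level, but logs produced at that level should be
                // handled as sensitive while this module is deployed.
                HttpSession session = request.getSession(false);
                String sid = (session == null) ? NULL : session.getId();
                log.debug("Logged in session ID=" + sid);
                log.debug("Added Principals " + ipAddr
                        + ",Role.ANONYMOUS,Role.ALL");
            }
            // If login succeeds, commit these principals/roles
            m_principals.add(ipAddr);
            m_principals.add(Role.ANONYMOUS);
            m_principals.add(Role.ALL);

            // If login succeeds, overwrite these principals/roles
            m_principalsToOverwrite.add(WikiPrincipal.GUEST);

            // If login fails, remove these roles
            m_principalsToRemove.add(Role.ANONYMOUS);

            return true;
        } catch (IOException e) {
            // Log the exception itself, not just its message: the stack trace is
            // what identifies which callback handler failed and where.
            log.error("IOException: " + e.getMessage(), e);
            return false;
        } catch (UnsupportedCallbackException e) {
            String message = "Unable to handle callback, disallowing login.";
            log.error(message, e);
            // LoginException has no (String, Throwable) constructor; attach the
            // cause explicitly so callers see why the callback was rejected.
            LoginException le = new LoginException(message);
            le.initCause(e);
            throw le;
        }

    }

}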