1
19
20 package com.liferay.portal.security.jaas.ext;
21
22 import com.liferay.portal.kernel.log.Log;
23 import com.liferay.portal.kernel.log.LogFactoryUtil;
24 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
25 import com.liferay.portal.kernel.util.GetterUtil;
26 import com.liferay.portal.kernel.util.StringPool;
27 import com.liferay.portal.service.UserLocalServiceUtil;
28
29 import java.io.IOException;
30
31 import java.security.Principal;
32
33 import java.util.Map;
34
35 import javax.security.auth.Subject;
36 import javax.security.auth.callback.Callback;
37 import javax.security.auth.callback.CallbackHandler;
38 import javax.security.auth.callback.NameCallback;
39 import javax.security.auth.callback.PasswordCallback;
40 import javax.security.auth.callback.UnsupportedCallbackException;
41 import javax.security.auth.login.LoginException;
42 import javax.security.auth.spi.LoginModule;
43
44
50 public class BasicLoginModule implements LoginModule {
51
52 public boolean abort() {
53 return true;
54 }
55
56 public boolean commit() {
57 if (getPrincipal() != null) {
58 getSubject().getPrincipals().add(getPrincipal());
59
60 return true;
61 }
62 else {
63 return false;
64 }
65 }
66
67 public void initialize(
68 Subject subject, CallbackHandler callbackHandler,
69 Map<String, ?> sharedState, Map<String, ?> options) {
70
71 _subject = subject;
72 _callbackHandler = callbackHandler;
73 }
74
75 public boolean login() throws LoginException {
76 String[] credentials = null;
77
78 try {
79 credentials = authenticate();
80 }
81 catch (Exception e) {
82 _log.error(e.getMessage());
83
84 throw new LoginException();
85 }
86
87 if ((credentials != null) && (credentials.length == 2)) {
88 setPrincipal(getPortalPrincipal(credentials[0]));
89 setPassword(credentials[1]);
90
91 return true;
92 }
93 else {
94 throw new LoginException();
95 }
96 }
97
98 public boolean logout() {
99 getSubject().getPrincipals().clear();
100
101 return true;
102 }
103
104 protected Subject getSubject() {
105 return _subject;
106 }
107
108 protected Principal getPrincipal() {
109 return _principal;
110 }
111
112 protected void setPrincipal(Principal principal) {
113 _principal = principal;
114 }
115
116 protected Principal getPortalPrincipal(String name) {
117 return new PortalPrincipal(name);
118 }
119
120 protected String getPassword() {
121 return _password;
122 }
123
124 protected void setPassword(String password) {
125 _password = password;
126 }
127
128 protected String[] authenticate()
129 throws IOException, UnsupportedCallbackException {
130
131 NameCallback nameCallback = new NameCallback("name: ");
132 PasswordCallback passwordCallback =
133 new PasswordCallback("password: ", false);
134
135 _callbackHandler.handle(
136 new Callback[] {
137 nameCallback, passwordCallback
138 });
139
140 String name = nameCallback.getName();
141
142 String password = null;
143 char[] passwordChar = passwordCallback.getPassword();
144
145 if (passwordChar != null) {
146 password = new String(passwordChar);
147 }
148
149 if (name == null) {
150 return new String[] {StringPool.BLANK, StringPool.BLANK};
151 }
152
153 try {
154 long userId = GetterUtil.getLong(name);
155
156 if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
157 return new String[] {name, password};
158 }
159 }
160 catch (Exception e) {
161 _log.error(e, e);
162 }
163
164 return null;
165 }
166
167 private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
168
169 private Subject _subject;
170 private CallbackHandler _callbackHandler;
171 private Principal _principal;
172 private String _password;
173
174 }