1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.security.jaas.ext;
21  
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
25  import com.liferay.portal.kernel.util.GetterUtil;
26  import com.liferay.portal.kernel.util.StringPool;
27  import com.liferay.portal.service.UserLocalServiceUtil;
28  
29  import java.io.IOException;
30  
31  import java.security.Principal;
32  
33  import java.util.Map;
34  
35  import javax.security.auth.Subject;
36  import javax.security.auth.callback.Callback;
37  import javax.security.auth.callback.CallbackHandler;
38  import javax.security.auth.callback.NameCallback;
39  import javax.security.auth.callback.PasswordCallback;
40  import javax.security.auth.callback.UnsupportedCallbackException;
41  import javax.security.auth.login.LoginException;
42  import javax.security.auth.spi.LoginModule;
43  
44  /**
45   * <a href="BasicLoginModule.java.html"><b><i>View Source</i></b></a>
46   *
47   * @author Brian Wing Shun Chan
48   *
49   */
50  public class BasicLoginModule implements LoginModule {
51  
52      public boolean abort() {
53          return true;
54      }
55  
56      public boolean commit() {
57          if (getPrincipal() != null) {
58              getSubject().getPrincipals().add(getPrincipal());
59  
60              return true;
61          }
62          else {
63              return false;
64          }
65      }
66  
67      public void initialize(
68          Subject subject, CallbackHandler callbackHandler,
69          Map<String, ?> sharedState, Map<String, ?> options) {
70  
71          _subject = subject;
72          _callbackHandler = callbackHandler;
73      }
74  
75      public boolean login() throws LoginException {
76          String[] credentials = null;
77  
78          try {
79              credentials = authenticate();
80          }
81          catch (Exception e) {
82              _log.error(e.getMessage());
83  
84              throw new LoginException();
85          }
86  
87          if ((credentials != null) && (credentials.length == 2)) {
88              setPrincipal(getPortalPrincipal(credentials[0]));
89              setPassword(credentials[1]);
90  
91              return true;
92          }
93          else {
94              throw new LoginException();
95          }
96      }
97  
98      public boolean logout() {
99          getSubject().getPrincipals().clear();
100 
101         return true;
102     }
103 
104     protected Subject getSubject() {
105         return _subject;
106     }
107 
108     protected Principal getPrincipal() {
109         return _principal;
110     }
111 
112     protected void setPrincipal(Principal principal) {
113         _principal = principal;
114     }
115 
116     protected Principal getPortalPrincipal(String name) {
117         return new PortalPrincipal(name);
118     }
119 
120     protected String getPassword() {
121         return _password;
122     }
123 
124     protected void setPassword(String password) {
125         _password = password;
126     }
127 
128     protected String[] authenticate()
129         throws IOException, UnsupportedCallbackException {
130 
131         NameCallback nameCallback = new NameCallback("name: ");
132         PasswordCallback passwordCallback =
133             new PasswordCallback("password: ", false);
134 
135         _callbackHandler.handle(
136             new Callback[] {
137                 nameCallback, passwordCallback
138             });
139 
140         String name = nameCallback.getName();
141 
142         String password = null;
143         char[] passwordChar = passwordCallback.getPassword();
144 
145         if (passwordChar != null) {
146             password = new String(passwordChar);
147         }
148 
149         if (name == null) {
150             return new String[] {StringPool.BLANK, StringPool.BLANK};
151         }
152 
153         try {
154             long userId = GetterUtil.getLong(name);
155 
156             if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
157                 return new String[] {name, password};
158             }
159         }
160         catch (Exception e) {
161             _log.error(e, e);
162         }
163 
164         return null;
165     }
166 
167     private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
168 
169     private Subject _subject;
170     private CallbackHandler _callbackHandler;
171     private Principal _principal;
172     private String _password;
173 
174 }