1
14
15 package com.liferay.portal.security.jaas.ext;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
20 import com.liferay.portal.kernel.util.GetterUtil;
21 import com.liferay.portal.kernel.util.StringPool;
22 import com.liferay.portal.service.UserLocalServiceUtil;
23
24 import java.io.IOException;
25
26 import java.security.Principal;
27
28 import java.util.Map;
29 import java.util.Set;
30
31 import javax.security.auth.Subject;
32 import javax.security.auth.callback.Callback;
33 import javax.security.auth.callback.CallbackHandler;
34 import javax.security.auth.callback.NameCallback;
35 import javax.security.auth.callback.PasswordCallback;
36 import javax.security.auth.callback.UnsupportedCallbackException;
37 import javax.security.auth.login.LoginException;
38 import javax.security.auth.spi.LoginModule;
39
40
45 public class BasicLoginModule implements LoginModule {
46
47 public boolean abort() {
48 return true;
49 }
50
51
54 public boolean commit() throws LoginException {
55 Principal principal = getPrincipal();
56
57 if (principal != null) {
58 Subject subject = getSubject();
59
60 Set<Principal> principals = subject.getPrincipals();
61
62 principals.add(getPrincipal());
63
64 return true;
65 }
66 else {
67 return false;
68 }
69 }
70
71 public void initialize(
72 Subject subject, CallbackHandler callbackHandler,
73 Map<String, ?> sharedState, Map<String, ?> options) {
74
75 _subject = subject;
76 _callbackHandler = callbackHandler;
77 }
78
79 public boolean login() throws LoginException {
80 String[] credentials = null;
81
82 try {
83 credentials = authenticate();
84 }
85 catch (Exception e) {
86 _log.error(e.getMessage());
87
88 throw new LoginException();
89 }
90
91 if ((credentials != null) && (credentials.length == 2)) {
92 setPrincipal(getPortalPrincipal(credentials[0]));
93 setPassword(credentials[1]);
94
95 return true;
96 }
97 else {
98 throw new LoginException();
99 }
100 }
101
102 public boolean logout() {
103 Subject subject = getSubject();
104
105 Set<Principal> principals = subject.getPrincipals();
106
107 principals.clear();
108
109 return true;
110 }
111
112 protected String[] authenticate()
113 throws IOException, UnsupportedCallbackException {
114
115 NameCallback nameCallback = new NameCallback("name: ");
116 PasswordCallback passwordCallback = new PasswordCallback(
117 "password: ", false);
118
119 _callbackHandler.handle(
120 new Callback[] {nameCallback, passwordCallback});
121
122 String name = nameCallback.getName();
123
124 String password = null;
125 char[] passwordChar = passwordCallback.getPassword();
126
127 if (passwordChar != null) {
128 password = new String(passwordChar);
129 }
130
131 if (name == null) {
132 return new String[] {StringPool.BLANK, StringPool.BLANK};
133 }
134
135 try {
136 long userId = GetterUtil.getLong(name);
137
138 if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
139 return new String[] {name, password};
140 }
141 }
142 catch (Exception e) {
143 _log.error(e, e);
144 }
145
146 return null;
147 }
148
149 protected String getPassword() {
150 return _password;
151 }
152
153
156 protected Principal getPortalPrincipal(String name) throws LoginException {
157 return new PortalPrincipal(name);
158 }
159
160 protected Principal getPrincipal() {
161 return _principal;
162 }
163
164 protected Subject getSubject() {
165 return _subject;
166 }
167
168 protected void setPassword(String password) {
169 _password = password;
170 }
171
172 protected void setPrincipal(Principal principal) {
173 _principal = principal;
174 }
175
176 private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
177
178 private CallbackHandler _callbackHandler;
179 private String _password;
180 private Principal _principal;
181 private Subject _subject;
182
183 }