1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.security.jaas.ext;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
20  import com.liferay.portal.kernel.util.GetterUtil;
21  import com.liferay.portal.kernel.util.StringPool;
22  import com.liferay.portal.service.UserLocalServiceUtil;
23  
24  import java.io.IOException;
25  
26  import java.security.Principal;
27  
28  import java.util.Map;
29  import java.util.Set;
30  
31  import javax.security.auth.Subject;
32  import javax.security.auth.callback.Callback;
33  import javax.security.auth.callback.CallbackHandler;
34  import javax.security.auth.callback.NameCallback;
35  import javax.security.auth.callback.PasswordCallback;
36  import javax.security.auth.callback.UnsupportedCallbackException;
37  import javax.security.auth.login.LoginException;
38  import javax.security.auth.spi.LoginModule;
39  
40  /**
41   * <a href="BasicLoginModule.java.html"><b><i>View Source</i></b></a>
42   *
43   * @author Brian Wing Shun Chan
44   */
45  public class BasicLoginModule implements LoginModule {
46  
47      public boolean abort() {
48          return true;
49      }
50  
51      /**
52       * @throws LoginException
53       */
54      public boolean commit() throws LoginException {
55          Principal principal = getPrincipal();
56  
57          if (principal != null) {
58              Subject subject = getSubject();
59  
60              Set<Principal> principals = subject.getPrincipals();
61  
62              principals.add(getPrincipal());
63  
64              return true;
65          }
66          else {
67              return false;
68          }
69      }
70  
71      public void initialize(
72          Subject subject, CallbackHandler callbackHandler,
73          Map<String, ?> sharedState, Map<String, ?> options) {
74  
75          _subject = subject;
76          _callbackHandler = callbackHandler;
77      }
78  
79      public boolean login() throws LoginException {
80          String[] credentials = null;
81  
82          try {
83              credentials = authenticate();
84          }
85          catch (Exception e) {
86              _log.error(e.getMessage());
87  
88              throw new LoginException();
89          }
90  
91          if ((credentials != null) && (credentials.length == 2)) {
92              setPrincipal(getPortalPrincipal(credentials[0]));
93              setPassword(credentials[1]);
94  
95              return true;
96          }
97          else {
98              throw new LoginException();
99          }
100     }
101 
102     public boolean logout() {
103         Subject subject = getSubject();
104 
105         Set<Principal> principals = subject.getPrincipals();
106 
107         principals.clear();
108 
109         return true;
110     }
111 
112     protected String[] authenticate()
113         throws IOException, UnsupportedCallbackException {
114 
115         NameCallback nameCallback = new NameCallback("name: ");
116         PasswordCallback passwordCallback = new PasswordCallback(
117             "password: ", false);
118 
119         _callbackHandler.handle(
120             new Callback[] {nameCallback, passwordCallback});
121 
122         String name = nameCallback.getName();
123 
124         String password = null;
125         char[] passwordChar = passwordCallback.getPassword();
126 
127         if (passwordChar != null) {
128             password = new String(passwordChar);
129         }
130 
131         if (name == null) {
132             return new String[] {StringPool.BLANK, StringPool.BLANK};
133         }
134 
135         try {
136             long userId = GetterUtil.getLong(name);
137 
138             if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
139                 return new String[] {name, password};
140             }
141         }
142         catch (Exception e) {
143             _log.error(e, e);
144         }
145 
146         return null;
147     }
148 
149     protected String getPassword() {
150         return _password;
151     }
152 
153     /**
154      * @throws LoginException
155      */
156     protected Principal getPortalPrincipal(String name) throws LoginException {
157         return new PortalPrincipal(name);
158     }
159 
160     protected Principal getPrincipal() {
161         return _principal;
162     }
163 
164     protected Subject getSubject() {
165         return _subject;
166     }
167 
168     protected void setPassword(String password) {
169         _password = password;
170     }
171 
172     protected void setPrincipal(Principal principal) {
173         _principal = principal;
174     }
175 
176     private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
177 
178     private CallbackHandler _callbackHandler;
179     private String _password;
180     private Principal _principal;
181     private Subject _subject;
182 
183 }