1
22
23 package com.liferay.portal.security.jaas.ext;
24
25 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
26 import com.liferay.portal.kernel.util.GetterUtil;
27 import com.liferay.portal.kernel.util.StringPool;
28 import com.liferay.portal.service.UserLocalServiceUtil;
29
30 import java.io.IOException;
31
32 import java.security.Principal;
33
34 import java.util.Map;
35
36 import javax.security.auth.Subject;
37 import javax.security.auth.callback.Callback;
38 import javax.security.auth.callback.CallbackHandler;
39 import javax.security.auth.callback.NameCallback;
40 import javax.security.auth.callback.PasswordCallback;
41 import javax.security.auth.callback.UnsupportedCallbackException;
42 import javax.security.auth.login.LoginException;
43 import javax.security.auth.spi.LoginModule;
44
45 import org.apache.commons.logging.Log;
46 import org.apache.commons.logging.LogFactory;
47
48
54 public class BasicLoginModule implements LoginModule {
55
56 public boolean abort() {
57 return true;
58 }
59
60 public boolean commit() {
61 if (getPrincipal() != null) {
62 getSubject().getPrincipals().add(getPrincipal());
63
64 return true;
65 }
66 else {
67 return false;
68 }
69 }
70
71 public void initialize(
72 Subject subject, CallbackHandler callbackHandler, Map sharedState,
73 Map options) {
74
75 _subject = subject;
76 _callbackHandler = callbackHandler;
77 }
78
79 public boolean login() throws LoginException {
80 String[] credentials = null;
81
82 try {
83 credentials = authenticate();
84 }
85 catch (Exception e) {
86 _log.error(e.getMessage());
87
88 throw new LoginException();
89 }
90
91 if ((credentials != null) && (credentials.length == 2)) {
92 setPrincipal(getPortalPrincipal(credentials[0]));
93 setPassword(credentials[1]);
94
95 return true;
96 }
97 else {
98 throw new LoginException();
99 }
100 }
101
102 public boolean logout() {
103 getSubject().getPrincipals().clear();
104
105 return true;
106 }
107
108 protected Subject getSubject() {
109 return _subject;
110 }
111
112 protected Principal getPrincipal() {
113 return _principal;
114 }
115
116 protected void setPrincipal(Principal principal) {
117 _principal = principal;
118 }
119
120 protected Principal getPortalPrincipal(String name) {
121 return new PortalPrincipal(name);
122 }
123
124 protected String getPassword() {
125 return _password;
126 }
127
128 protected void setPassword(String password) {
129 _password = password;
130 }
131
132 protected String[] authenticate()
133 throws IOException, UnsupportedCallbackException {
134
135 NameCallback nameCallback = new NameCallback("name: ");
136 PasswordCallback passwordCallback =
137 new PasswordCallback("password: ", false);
138
139 _callbackHandler.handle(
140 new Callback[] {
141 nameCallback, passwordCallback
142 });
143
144 String name = nameCallback.getName();
145
146 String password = null;
147 char[] passwordChar = passwordCallback.getPassword();
148
149 if (passwordChar != null) {
150 password = new String(passwordChar);
151 }
152
153 if (name == null) {
154 return new String[] {StringPool.BLANK, StringPool.BLANK};
155 }
156
157 try {
158 long userId = GetterUtil.getLong(name);
159
160 if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
161 return new String[] {name, password};
162 }
163 }
164 catch (Exception e) {
165 _log.error(e, e);
166 }
167
168 return null;
169 }
170
171 private static Log _log = LogFactory.getLog(BasicLoginModule.class);
172
173 private Subject _subject;
174 private CallbackHandler _callbackHandler;
175 private Principal _principal;
176 private String _password;
177
178 }