1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.jaas.ext;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
20  import com.liferay.portal.kernel.util.GetterUtil;
21  import com.liferay.portal.kernel.util.StringPool;
22  import com.liferay.portal.service.UserLocalServiceUtil;
23  
24  import java.io.IOException;
25  
26  import java.security.Principal;
27  
28  import java.util.Map;
29  
30  import javax.security.auth.Subject;
31  import javax.security.auth.callback.Callback;
32  import javax.security.auth.callback.CallbackHandler;
33  import javax.security.auth.callback.NameCallback;
34  import javax.security.auth.callback.PasswordCallback;
35  import javax.security.auth.callback.UnsupportedCallbackException;
36  import javax.security.auth.login.LoginException;
37  import javax.security.auth.spi.LoginModule;
38  
39  /**
40   * <a href="BasicLoginModule.java.html"><b><i>View Source</i></b></a>
41   *
42   * @author Brian Wing Shun Chan
43   */
44  public class BasicLoginModule implements LoginModule {
45  
46      public boolean abort() {
47          return true;
48      }
49  
50      public boolean commit() {
51          if (getPrincipal() != null) {
52              getSubject().getPrincipals().add(getPrincipal());
53  
54              return true;
55          }
56          else {
57              return false;
58          }
59      }
60  
61      public void initialize(
62          Subject subject, CallbackHandler callbackHandler,
63          Map<String, ?> sharedState, Map<String, ?> options) {
64  
65          _subject = subject;
66          _callbackHandler = callbackHandler;
67      }
68  
69      public boolean login() throws LoginException {
70          String[] credentials = null;
71  
72          try {
73              credentials = authenticate();
74          }
75          catch (Exception e) {
76              _log.error(e.getMessage());
77  
78              throw new LoginException();
79          }
80  
81          if ((credentials != null) && (credentials.length == 2)) {
82              setPrincipal(getPortalPrincipal(credentials[0]));
83              setPassword(credentials[1]);
84  
85              return true;
86          }
87          else {
88              throw new LoginException();
89          }
90      }
91  
92      public boolean logout() {
93          getSubject().getPrincipals().clear();
94  
95          return true;
96      }
97  
98      protected Subject getSubject() {
99          return _subject;
100     }
101 
102     protected Principal getPrincipal() {
103         return _principal;
104     }
105 
106     protected void setPrincipal(Principal principal) {
107         _principal = principal;
108     }
109 
110     protected Principal getPortalPrincipal(String name) {
111         return new PortalPrincipal(name);
112     }
113 
114     protected String getPassword() {
115         return _password;
116     }
117 
118     protected void setPassword(String password) {
119         _password = password;
120     }
121 
122     protected String[] authenticate()
123         throws IOException, UnsupportedCallbackException {
124 
125         NameCallback nameCallback = new NameCallback("name: ");
126         PasswordCallback passwordCallback =
127             new PasswordCallback("password: ", false);
128 
129         _callbackHandler.handle(
130             new Callback[] {
131                 nameCallback, passwordCallback
132             });
133 
134         String name = nameCallback.getName();
135 
136         String password = null;
137         char[] passwordChar = passwordCallback.getPassword();
138 
139         if (passwordChar != null) {
140             password = new String(passwordChar);
141         }
142 
143         if (name == null) {
144             return new String[] {StringPool.BLANK, StringPool.BLANK};
145         }
146 
147         try {
148             long userId = GetterUtil.getLong(name);
149 
150             if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
151                 return new String[] {name, password};
152             }
153         }
154         catch (Exception e) {
155             _log.error(e, e);
156         }
157 
158         return null;
159     }
160 
161     private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
162 
163     private Subject _subject;
164     private CallbackHandler _callbackHandler;
165     private Principal _principal;
166     private String _password;
167 
168 }