Source Code of org.apache.jackrabbit.ocm.security.SimpleLoginModule

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.ocm.security;

import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.CredentialsCallback;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.UserPrincipal;

/**
 * A <code>SimpleLoginModule</code> ...
 */
public class SimpleLoginModule implements LoginModule
{

  /**
   * Name of the anonymous user id option in the LoginModule configuration
   */
  private static final String OPT_ANONYMOUS = "anonymousId";

  /**
   * The default user id for anonymous login
   */
  private static final String DEFAULT_ANONYMOUS_ID = "anonymous";

  // initial state
  private Subject subject;

  private CallbackHandler callbackHandler;

  private Map sharedState;

  private Map options;

  // configurable options
  //private boolean someOpt = false;

  // local authentication state:
  // the principals, i.e. the authenticated identities
  private final Set principals = new HashSet();

  /**
   * Id of an anonymous user login
   */
  private String anonymousUserId = DEFAULT_ANONYMOUS_ID;

  /**
   * Constructor
   */
  public SimpleLoginModule()
  {
  }

  //----------------------------------------------------------< LoginModule >
  /**
   * {@inheritDoc}
   */
  public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
  {
    this.subject = subject;
    this.callbackHandler = callbackHandler;
    this.sharedState = sharedState;
    this.options = options;

    // initialize any configured options
    //someOpt = "true".equalsIgnoreCase((String)options.get("someOpt"));
    String userId = (String) options.get(OPT_ANONYMOUS);
    if (userId != null)
    {
      anonymousUserId = userId;
    }
  }

  /**
   * {@inheritDoc}
   */
  public boolean login() throws LoginException
  {
    // prompt for a user name and password
    if (callbackHandler == null)
    {
      throw new LoginException("no CallbackHandler available");
    }

    Callback[] callbacks = new Callback[]
    { new CredentialsCallback() };

    boolean authenticated = false;
    principals.clear();
    try
    {
      callbackHandler.handle(callbacks);
      // credentials
      CredentialsCallback ccb = (CredentialsCallback) callbacks[0];
      Credentials creds = ccb.getCredentials();
      if (creds != null)
      {
        if (creds instanceof SimpleCredentials)
        {
          SimpleCredentials sc = (SimpleCredentials) creds;
          // authenticate

          Object attr = sc.getAttribute(SecurityConstants.IMPERSONATOR_ATTRIBUTE);
          if (attr != null && attr instanceof Subject)
          {
          }
          else
          {
            // @todo implement simple username/password authentication
          }

          if (anonymousUserId.equals(sc.getUserID()))
          {
            principals.add(new AnonymousPrincipal());
          }
          else
          {
            // else assume the user we authenticated is the UserPrincipal
            principals.add(new UserPrincipal(sc.getUserID()));
          }
          authenticated = true;
        }
      }
    }
    catch (java.io.IOException ioe)
    {
      throw new LoginException(ioe.toString());
    }
    catch (UnsupportedCallbackException uce)
    {
      throw new LoginException(uce.getCallback().toString() + " not available");
    }

    if (authenticated)
    {
      return !principals.isEmpty();
    }
    else
    {
      // authentication failed: clean out state
      principals.clear();
      throw new FailedLoginException();
    }
  }

  /**
   * {@inheritDoc}
   */
  public boolean commit() throws LoginException
  {
    if (principals.isEmpty())
    {
      return false;
    }
    else
    {
      // add a principals (authenticated identities) to the Subject
      subject.getPrincipals().addAll(principals);
      return true;
    }
  }

  /**
   * {@inheritDoc}
   */
  public boolean abort() throws LoginException
  {
    if (principals.isEmpty())
    {
      return false;
    }
    else
    {
      logout();
    }
    return true;
  }

  /**
   * {@inheritDoc}
   */
  public boolean logout() throws LoginException
  {
    subject.getPrincipals().removeAll(principals);
    principals.clear();
    return true;
  }
}