package com.evasion.sam.jaas;
import com.evasion.sam.PasswordEncoder;
import com.evasion.sam.ejb.JNDIClient;
import com.evasion.sam.ejb.JaasEjb;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
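/**
 * JAAS authentication module backed by the {@code JaasEjb} bean resolved through JNDI.
 *
 * <p>Lifecycle, following the {@link LoginModule} contract: {@link #initialize} reads the module
 * options and looks up the EJB; {@link #login} collects the user name and password through the
 * {@link CallbackHandler}, encodes the password with {@link PasswordEncoder} and compares it with
 * the value the EJB holds for that user; {@link #commit} attaches the user principal and the role
 * group to the {@link Subject}; {@link #abort} and {@link #logout} undo that and forget all state.
 *
 * <p>Instances hold per-login mutable state and are not synchronized; a {@code LoginContext}
 * uses one instance per authentication.
 *
 * @TODO implement the retrieval from the database.
 * @author sebastien
 */
public class EvasionEJBLoginModule implements LoginModule {

    /** LOGGER. */
    private static final Logger LOGGER = Logger.getLogger(EvasionEJBLoginModule.class.getName());
    /** Option key: digest algorithm of the stored passwords. */
    private static final String PARAM_DIGEST_ALGORITHM = "digest-algorithm";
    /** Value used when {@link #PARAM_DIGEST_ALGORITHM} is absent or empty. */
    private static final String DEFAULT_DIGEST_ALGORITHM = "sha+salt";
    /** Option key: JNDI name of the {@link JaasEjb}. */
    private static final String PARAM_EJB_JNDI = "EJB-jndi";
    /** Option key: URL of the JNDI provider. */
    private static final String PARAM_PROVIDER_URL = "provider-url";

    private Subject subject;
    private CallbackHandler callbackHandler;
    private JaasEjb loginEJB = null;

    // Per-authentication state, reset by clearState().
    private String username = null;
    // Encoded password; only lives between traitementPWD() and the comparison in login().
    private String password = null;
    // True only once login() has verified the credentials. It starts false so that commit()
    // never attaches principals for a name whose password check failed or was never run.
    private boolean success = false;
    // True once commit() has attached principals, so abort() knows it must roll them back.
    private boolean commitSucceeded = false;
    // The exact objects commit() added, so logout() removes those and not a look-alike.
    private Principal userPrincipal = null;
    private Principal roles = null;

    /**
     * Stores the subject and handler, logs the module options and resolves the login EJB.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used by {@link #login} to obtain the credentials
     * @param sharedState     state shared with other modules (unused)
     * @param options         module options: {@value #PARAM_EJB_JNDI}, {@value #PARAM_PROVIDER_URL}
     *                        and optionally {@value #PARAM_DIGEST_ALGORITHM}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        LOGGER.info("Init Evasion Login Module");
        String jndi = optionAsString(options, PARAM_EJB_JNDI);
        String digestAlgorithm = optionAsString(options, PARAM_DIGEST_ALGORITHM);
        String providerUrl = optionAsString(options, PARAM_PROVIDER_URL);
        LOGGER.info("------- Properties ------------------");
        logRequiredProperty(PARAM_EJB_JNDI, jndi);
        logRequiredProperty(PARAM_PROVIDER_URL, providerUrl);
        logPropertyWithDefault(PARAM_DIGEST_ALGORITHM, digestAlgorithm, DEFAULT_DIGEST_ALGORITHM);
        // NOTE(review): digestAlgorithm is only logged; PasswordEncoder.encodePassword(username,
        // password) does not receive it, so the option has no effect on verification — confirm.
        JNDIClient ejbClient = new JNDIClient(providerUrl);
        loginEJB = (JaasEjb) ejbClient.lookup(jndi);
    }

    /** Reads one module option as a string, or {@code null} when the option is absent. */
    private static String optionAsString(Map<String, ?> options, String key) {
        if (options == null) {
            return null;
        }
        Object value = options.get(key);
        return value == null ? null : value.toString();
    }

    /** Logs an option value and reports at SEVERE when a required option is missing. */
    private static void logRequiredProperty(String propertyName, String propertyValue) {
        LOGGER.info(propertyName + " : " + propertyValue);
        if (propertyValue == null || propertyValue.isEmpty()) {
            LOGGER.severe(propertyName + " can not be null");
        }
    }

    /** Logs an optional option, substituting {@code defaultValue} when it is absent or empty. */
    private static void logPropertyWithDefault(String propertyName, String propertyValue,
                                               String defaultValue) {
        String effective =
                (propertyValue == null || propertyValue.isEmpty()) ? defaultValue : propertyValue;
        logRequiredProperty(propertyName, effective);
    }

    /**
     * Collects the credentials and verifies the encoded password against the one the EJB stores.
     *
     * @return {@code true} when the credentials were verified
     * @throws LoginException if the module was not initialized, the credentials are missing or
     *                        the password does not match
     */
    @Override
    public boolean login() throws LoginException {
        LOGGER.info("Start Login");
        success = false;
        if (loginEJB == null) {
            throw new LoginException("Login module not initialized: " + PARAM_EJB_JNDI
                    + " lookup returned no bean");
        }
        traitementPWD();
        try {
            String dbPassword = loginEJB.getPassword(username);
            if (dbPassword == null || !constantTimeEquals(dbPassword, password)) {
                throw new LoginException("Bad username or password for username=" + username);
            }
        } finally {
            // The encoded password has no further use once compared; do not keep it around.
            password = null;
        }
        success = true;
        LOGGER.fine("Login succes");
        return true;
    }

    /**
     * Compares two encoded passwords with {@link MessageDigest#isEqual}, whose running time does
     * not depend on where the first differing byte is (only on the lengths).
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Asks the callback handler for the user name and password and stores the
     * {@link PasswordEncoder}-encoded password in {@link #password}.
     *
     * @return {@code true} (kept for compatibility; failures are reported by throwing)
     * @throws LoginException if no handler is available, either credential is empty, or the
     *                        handler cannot serve the callbacks
     */
    private boolean traitementPWD() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to collect the credentials");
        }
        NameCallback nc = new NameCallback("UsrName");
        PasswordCallback pc = new PasswordCallback("Passwd", false);
        char[] tmp = null;
        try {
            callbackHandler.handle(new Callback[]{nc, pc});
            username = nc.getName();
            tmp = pc.getPassword();
            String clearText = tmp == null ? null : new String(tmp);
            if (clearText == null || clearText.isEmpty() || username == null || username.isEmpty()) {
                LOGGER.severe("User or password are null");
                throw new LoginException("Login Failed for user " + username + "!!!");
            }
            password = PasswordEncoder.encodePassword(username, clearText);
        } catch (LoginException le) {
            // Our own failure already carries a precise message: do not re-wrap it.
            throw le;
        } catch (Exception ex) {
            LoginException le = new LoginException("Login Failed!!!");
            LOGGER.severe("Login Failed with username: " + username + " and password: xxxxxx");
            le.initCause(ex);
            throw le;
        } finally {
            // getPassword() returns a copy, so wipe that copy as well as the callback's own buffer,
            // on success and on failure alike.
            if (tmp != null) {
                Arrays.fill(tmp, '\0');
            }
            pc.clearPassword();
        }
        LOGGER.fine("Login with username: " + username + " and password: xxxxxxxxx");
        return true;
    }

    /**
     * Attaches the user principal and role group to the subject once {@link #login} succeeded.
     *
     * @return {@code true} when principals were attached, {@code false} when this module did not
     *         verify the user and must be ignored by the LoginContext
     * @throws LoginException never thrown directly; declared by the interface
     */
    @Override
    public boolean commit() throws LoginException {
        LOGGER.fine("Commit");
        if (!success || username == null) {
            return false;
        }
        userPrincipal = loginEJB.getEvasionPrincipal(username);
        roles = loginEJB.getAllRoles(username);
        subject.getPrincipals().add(userPrincipal);
        subject.getPrincipals().add(roles);
        commitSucceeded = true;
        return true;
    }

    /**
     * Discards the login attempt; if principals were already committed they are removed again.
     *
     * @return {@code true}
     * @throws LoginException propagated from {@link #logout}
     */
    @Override
    public boolean abort() throws LoginException {
        if (commitSucceeded) {
            logout();
        } else {
            clearState();
        }
        return true;
    }

    /**
     * Removes the principals this module attached to the subject and forgets all state.
     *
     * @return {@code true}
     * @throws LoginException never thrown directly; declared by the interface
     */
    @Override
    public boolean logout() throws LoginException {
        if (subject != null) {
            if (userPrincipal != null) {
                subject.getPrincipals().remove(userPrincipal);
            } else if (username != null) {
                // No reference kept by commit(): fall back to removal by name.
                subject.getPrincipals().remove(new EvasionPrincipal(username));
            }
            if (roles != null) {
                subject.getPrincipals().remove(roles);
            }
        }
        clearState();
        return true;
    }

    /** Forgets everything learned during login() and commit(). */
    private void clearState() {
        username = null;
        password = null;
        success = false;
        commitSucceeded = false;
        userPrincipal = null;
        roles = null;
    }
}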