Package com.evasion.sam.jaas

Source Code of com.evasion.sam.jaas.EvasionEJBLoginModule

package com.evasion.sam.jaas;

import com.evasion.sam.PasswordEncoder;
import com.evasion.sam.ejb.JNDIClient;
import com.evasion.sam.ejb.JaasEjb;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

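/**
 * JAAS authentication module that checks credentials against a remote EJB.
 *
 * <p>The user name and password are obtained through the {@link CallbackHandler}, the password is
 * encoded with {@code PasswordEncoder.encodePassword(username, password)} and the result is
 * compared with the value returned by {@code JaasEjb.getPassword(username)}.
 *
 * <p>Module state is per instance and is not synchronized; the module is meant to be driven by a
 * single {@code LoginContext}.
 *
 * <p>TODO: implement retrieval from the database.
 *
 * @author sebastien
 */
public class EvasionEJBLoginModule implements LoginModule {

    /**
     * LOGGER.
     */
    private static final Logger LOGGER = Logger.getLogger(EvasionEJBLoginModule.class.getName());

    private static final String PARAM_DIGEST_ALGORITHM = "digest-algorithm";

    private static final String DEFAULT_DIGEST_ALGORITHM = "sha+salt";

    private static final String PARAM_EJB_JNDI = "EJB-jndi";

    private static final String PARAM_PROVIDER_URL = "provider-url";

    private Subject subject;

    private String username = null;

    private String password = null;

    private CallbackHandler callbackHandler;

    // Fail closed: this flag is false until login() has verified the credentials. commit() is
    // also invoked on modules whose own login() failed when the overall authentication succeeded
    // (OPTIONAL / SUFFICIENT stacking), so it must never default to true.
    private boolean success = false;

    private JaasEjb loginEJB = null;

    // Principals this module added to the Subject, kept so abort()/logout() remove exactly them.
    private Principal userPrincipal = null;

    private Principal rolesPrincipal = null;

    /**
     * Stores the subject and callback handler, logs the configured options and looks up the
     * login EJB through JNDI.
     *
     * @param subject the subject to populate on commit
     * @param callbackHandler handler used to obtain the user name and password
     * @param sharedState state shared with other login modules (not used)
     * @param options module options: {@code EJB-jndi}, {@code provider-url},
     *     {@code digest-algorithm}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {

        this.subject = subject;
        this.callbackHandler = callbackHandler;
        LOGGER.info("Init Evasion Login Module");
        String jndi = (String) options.get(PARAM_EJB_JNDI);
        String digestAlgorithm = (String) options.get(PARAM_DIGEST_ALGORITHM);
        String providerUrl = (String) options.get(PARAM_PROVIDER_URL);

        LOGGER.info("------- Properties ------------------");
        completePropertiesAndLog(PARAM_EJB_JNDI, jndi);
        completePropertiesAndLog(PARAM_PROVIDER_URL, providerUrl);
        // NOTE(review): the digest algorithm is only logged here; nothing in this class passes it
        // to PasswordEncoder, so the option currently has no effect on how passwords are encoded.
        completePropertiesAndLogWhtihDefaultValue(PARAM_DIGEST_ALGORITHM, digestAlgorithm, DEFAULT_DIGEST_ALGORITHM);

        // A missing EJB-jndi / provider-url is only logged above; the lookup is still attempted.
        // login() and commit() refuse to proceed when no EJB was obtained.
        JNDIClient ejbClient = new JNDIClient(providerUrl);
        loginEJB = (JaasEjb) ejbClient.lookup(jndi);

    }

    /**
     * Logs an option and reports a severe message when it is missing or empty.
     *
     * @param propertyName option name
     * @param propertyValue configured value, may be {@code null}
     */
    private void completePropertiesAndLog(String propertyName, String propertyValue) {
        LOGGER.info(propertyName + " : " + propertyValue);
        if (propertyValue == null || propertyValue.equals("")) {
            LOGGER.severe(propertyName + " can not be null");
        }
    }

    /**
     * Same as {@link #completePropertiesAndLog(String, String)} but substitutes
     * {@code defaultValue} when the option is missing or empty. The substituted value is only
     * logged; it is not returned or stored.
     *
     * @param propertyName option name
     * @param propertyValue configured value, may be {@code null}
     * @param defaultValue value logged when the option is absent
     */
    private void completePropertiesAndLogWhtihDefaultValue(String propertyName, String propertyValue, String defaultValue) {
        if (propertyValue == null || ("").equals(propertyValue)) {
            propertyValue = defaultValue;
        }
        completePropertiesAndLog(propertyName, propertyValue);
    }

    /**
     * Authenticates the user supplied by the callback handler.
     *
     * @return {@code true} when the credentials match
     * @throws LoginException if the credentials are missing or wrong, or the EJB is unavailable
     */
    @Override
    public boolean login() throws LoginException {
        LOGGER.info("Start Login");
        // A LoginContext may call login() again on the same instance after a failure.
        success = false;
        if (loginEJB == null) {
            throw new LoginException("Login module is not initialized");
        }
        traitementPWD();

        String dbPassword = loginEJB.getPassword(username);
        // Constant-time comparison so the time taken does not depend on how many leading
        // characters of the encoded password match.
        boolean matches = dbPassword != null
                && MessageDigest.isEqual(
                        dbPassword.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
        // The encoded password is not needed after the comparison.
        password = null;
        if (!matches) {
            throw new LoginException("Bad username or password  for username=" + username);
        }
        success = true;
        LOGGER.fine("Login succes");
        return true;
    }

    /**
     * Collects the user name and password through the callback handler and replaces
     * {@code password} with its encoded form.
     *
     * @return always {@code true}; failures are reported by exception
     * @throws LoginException if the callbacks fail or either credential is missing or empty
     */
    private boolean traitementPWD() throws LoginException {
        // Drop values left over from a previous attempt so that a handler returning no password
        // cannot fall through to the old one.
        username = null;
        password = null;
        NameCallback nc = new NameCallback("UsrName");
        PasswordCallback pc = new PasswordCallback("Passwd", false);
        char[] tmp = null;
        try {
            callbackHandler.handle(new Callback[]{nc, pc});
            username = nc.getName();
            tmp = pc.getPassword();
            if (tmp != null) {
                // The encoder is called with a String, so the clear-text password unavoidably
                // lives in an immutable String until it is garbage collected.
                password = new String(tmp);
            }
            if (password == null || password.isEmpty() || username == null || username.isEmpty()) {
                LOGGER.severe("User or password are null");
                throw new LoginException("Login Failed for user " + username + "!!!");
            }

            password = PasswordEncoder.encodePassword(username, password);
        } catch (Exception ex) {
            success = false;
            password = null;
            LoginException le = new LoginException("Login Failed!!!");
            LOGGER.severe("Login Failed with username: " + forLog(username) + " and password: xxxxxx");
            le.initCause(ex);
            throw le;
        } finally {
            // Wipe the clear-text copies on every path, not only after a successful encode.
            pc.clearPassword();
            if (tmp != null) {
                Arrays.fill(tmp, '\0');
            }
        }
        LOGGER.fine("Login with username: " + forLog(username) + " and password: xxxxxxxxx");
        return true;
    }

    /**
     * Renders a caller-supplied value for a log line, replacing line breaks so that the value
     * cannot start a forged log record.
     */
    private static String forLog(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * Adds the user principal and the roles group to the subject, but only when this module's
     * own {@link #login()} succeeded.
     *
     * @return {@code true} when the principals were added, {@code false} when this module's
     *     login did not succeed and the module must be ignored
     * @throws LoginException declared by the interface; not thrown directly here
     */
    @Override
    public boolean commit() throws LoginException {
        LOGGER.fine("Commit");
        if (!success || username == null || loginEJB == null) {
            return false;
        }
        Principal user = loginEJB.getEvasionPrincipal(username);
        EvasionGroup roles = loginEJB.getAllRoles(username);
        subject.getPrincipals().add(user);
        userPrincipal = user;
        subject.getPrincipals().add(roles);
        rolesPrincipal = roles;
        return true;
    }

    /**
     * Discards the authentication state, including principals already committed to the subject.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown directly here
     */
    @Override
    public boolean abort() throws LoginException {
        // abort() can follow a successful commit() of this module when the overall
        // authentication fails, so committed principals must be withdrawn as well.
        removeOwnPrincipals();
        success = false;
        username = null;
        password = null;
        return true;
    }

    /**
     * Removes the principals this module added (user and roles) and clears its state.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown directly here
     */
    @Override
    public boolean logout() throws LoginException {
        removeOwnPrincipals();
        success = false;
        username = null;
        password = null;
        return true;
    }

    /** Removes from the subject exactly the principals recorded by {@link #commit()}. */
    private void removeOwnPrincipals() {
        if (subject != null) {
            if (userPrincipal != null) {
                subject.getPrincipals().remove(userPrincipal);
            }
            if (rolesPrincipal != null) {
                subject.getPrincipals().remove(rolesPrincipal);
            }
        }
        userPrincipal = null;
        rolesPrincipal = null;
    }
}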