1
22
23 package com.liferay.portal.security.jaas.ext;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.kernel.util.StringPool;
30 import com.liferay.portal.service.UserLocalServiceUtil;
31
32 import java.io.IOException;
33
34 import java.security.Principal;
35
36 import java.util.Map;
37
38 import javax.security.auth.Subject;
39 import javax.security.auth.callback.Callback;
40 import javax.security.auth.callback.CallbackHandler;
41 import javax.security.auth.callback.NameCallback;
42 import javax.security.auth.callback.PasswordCallback;
43 import javax.security.auth.callback.UnsupportedCallbackException;
44 import javax.security.auth.login.LoginException;
45 import javax.security.auth.spi.LoginModule;
46
47
53 public class BasicLoginModule implements LoginModule {
54
55 public boolean abort() {
56 return true;
57 }
58
59 public boolean commit() {
60 if (getPrincipal() != null) {
61 getSubject().getPrincipals().add(getPrincipal());
62
63 return true;
64 }
65 else {
66 return false;
67 }
68 }
69
70 public void initialize(
71 Subject subject, CallbackHandler callbackHandler,
72 Map<String, ?> sharedState, Map<String, ?> options) {
73
74 _subject = subject;
75 _callbackHandler = callbackHandler;
76 }
77
78 public boolean login() throws LoginException {
79 String[] credentials = null;
80
81 try {
82 credentials = authenticate();
83 }
84 catch (Exception e) {
85 _log.error(e.getMessage());
86
87 throw new LoginException();
88 }
89
90 if ((credentials != null) && (credentials.length == 2)) {
91 setPrincipal(getPortalPrincipal(credentials[0]));
92 setPassword(credentials[1]);
93
94 return true;
95 }
96 else {
97 throw new LoginException();
98 }
99 }
100
101 public boolean logout() {
102 getSubject().getPrincipals().clear();
103
104 return true;
105 }
106
107 protected Subject getSubject() {
108 return _subject;
109 }
110
111 protected Principal getPrincipal() {
112 return _principal;
113 }
114
115 protected void setPrincipal(Principal principal) {
116 _principal = principal;
117 }
118
119 protected Principal getPortalPrincipal(String name) {
120 return new PortalPrincipal(name);
121 }
122
123 protected String getPassword() {
124 return _password;
125 }
126
127 protected void setPassword(String password) {
128 _password = password;
129 }
130
131 protected String[] authenticate()
132 throws IOException, UnsupportedCallbackException {
133
134 NameCallback nameCallback = new NameCallback("name: ");
135 PasswordCallback passwordCallback =
136 new PasswordCallback("password: ", false);
137
138 _callbackHandler.handle(
139 new Callback[] {
140 nameCallback, passwordCallback
141 });
142
143 String name = nameCallback.getName();
144
145 String password = null;
146 char[] passwordChar = passwordCallback.getPassword();
147
148 if (passwordChar != null) {
149 password = new String(passwordChar);
150 }
151
152 if (name == null) {
153 return new String[] {StringPool.BLANK, StringPool.BLANK};
154 }
155
156 try {
157 long userId = GetterUtil.getLong(name);
158
159 if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
160 return new String[] {name, password};
161 }
162 }
163 catch (Exception e) {
164 _log.error(e, e);
165 }
166
167 return null;
168 }
169
170 private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
171
172 private Subject _subject;
173 private CallbackHandler _callbackHandler;
174 private Principal _principal;
175 private String _password;
176
177 }