001
014
015 package com.liferay.portal.security.jaas.ext;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
020 import com.liferay.portal.kernel.util.StringPool;
021 import com.liferay.portal.model.Company;
022 import com.liferay.portal.security.jaas.JAASHelper;
023 import com.liferay.portal.service.CompanyLocalServiceUtil;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025
026 import java.io.IOException;
027
028 import java.security.Principal;
029
030 import java.util.List;
031 import java.util.Map;
032 import java.util.Set;
033
034 import javax.security.auth.Subject;
035 import javax.security.auth.callback.Callback;
036 import javax.security.auth.callback.CallbackHandler;
037 import javax.security.auth.callback.NameCallback;
038 import javax.security.auth.callback.PasswordCallback;
039 import javax.security.auth.callback.UnsupportedCallbackException;
040 import javax.security.auth.login.LoginException;
041 import javax.security.auth.spi.LoginModule;
042
043
046 public class BasicLoginModule implements LoginModule {
047
048 @Override
049 public boolean abort() {
050 return true;
051 }
052
053 @Override
054 @SuppressWarnings("unused")
055 public boolean commit() throws LoginException {
056 Principal principal = getPrincipal();
057
058 if (principal != null) {
059 Subject subject = getSubject();
060
061 Set<Principal> principals = subject.getPrincipals();
062
063 principals.add(getPrincipal());
064
065 return true;
066 }
067 else {
068 return false;
069 }
070 }
071
072 @Override
073 public void initialize(
074 Subject subject, CallbackHandler callbackHandler,
075 Map<String, ?> sharedState, Map<String, ?> options) {
076
077 _subject = subject;
078 _callbackHandler = callbackHandler;
079 }
080
081 @Override
082 public boolean login() throws LoginException {
083 String[] credentials = null;
084
085 try {
086 credentials = authenticate();
087 }
088 catch (Exception e) {
089 _log.error(e.getMessage());
090
091 throw new LoginException();
092 }
093
094 if ((credentials != null) && (credentials.length == 2)) {
095 setPrincipal(getPortalPrincipal(credentials[0]));
096 setPassword(credentials[1]);
097
098 return true;
099 }
100 else {
101 throw new LoginException();
102 }
103 }
104
105 @Override
106 public boolean logout() {
107 Subject subject = getSubject();
108
109 Set<Principal> principals = subject.getPrincipals();
110
111 principals.clear();
112
113 return true;
114 }
115
116 protected String[] authenticate()
117 throws IOException, UnsupportedCallbackException {
118
119 NameCallback nameCallback = new NameCallback("name: ");
120 PasswordCallback passwordCallback = new PasswordCallback(
121 "password: ", false);
122
123 _callbackHandler.handle(
124 new Callback[] {nameCallback, passwordCallback});
125
126 String name = nameCallback.getName();
127
128 String password = null;
129 char[] passwordChar = passwordCallback.getPassword();
130
131 if (passwordChar != null) {
132 password = new String(passwordChar);
133 }
134
135 if (name == null) {
136 return new String[] {StringPool.BLANK, StringPool.BLANK};
137 }
138
139 try {
140 List<Company> companies = CompanyLocalServiceUtil.getCompanies();
141
142 for (Company company : companies) {
143 long userId = JAASHelper.getJaasUserId(
144 company.getCompanyId(), name);
145
146 if (userId == 0) {
147 continue;
148 }
149
150 if (UserLocalServiceUtil.authenticateForJAAS(
151 userId, password)) {
152
153 return new String[] {name, password};
154 }
155 }
156 }
157 catch (Exception e) {
158 _log.error(e, e);
159 }
160
161 return null;
162 }
163
164 protected String getPassword() {
165 return _password;
166 }
167
168 @SuppressWarnings("unused")
169 protected Principal getPortalPrincipal(String name) throws LoginException {
170 return new PortalPrincipal(name);
171 }
172
173 protected Principal getPrincipal() {
174 return _principal;
175 }
176
177 protected Subject getSubject() {
178 return _subject;
179 }
180
181 protected void setPassword(String password) {
182 _password = password;
183 }
184
185 protected void setPrincipal(Principal principal) {
186 _principal = principal;
187 }
188
189 private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
190
191 private CallbackHandler _callbackHandler;
192 private String _password;
193 private Principal _principal;
194 private Subject _subject;
195
196 }