001 /*
002 Licensed to the Apache Software Foundation (ASF) under one
003 or more contributor license agreements. See the NOTICE file
004 distributed with this work for additional information
005 regarding copyright ownership. The ASF licenses this file
006 to you under the Apache License, Version 2.0 (the
007 "License"); you may not use this file except in compliance
008 with the License. You may obtain a copy of the License at
009
010 http://www.apache.org/licenses/LICENSE-2.0
011
012 Unless required by applicable law or agreed to in writing,
013 software distributed under the License is distributed on an
014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 KIND, either express or implied. See the License for the
016 specific language governing permissions and limitations
017 under the License.
018 */
019 package org.apache.wiki.auth.login;
020
021 import java.io.IOException;
022
023 import javax.security.auth.callback.Callback;
024 import javax.security.auth.callback.UnsupportedCallbackException;
025 import javax.security.auth.login.LoginException;
026 import javax.servlet.http.HttpServletRequest;
027 import javax.servlet.http.HttpSession;
028
029 import org.apache.log4j.Logger;
030
031 import org.apache.wiki.auth.WikiPrincipal;
032 import org.apache.wiki.util.HttpUtil;
033
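/**
 * <p>
 * Logs in a user based solely on IP address; no other authentication is
 * performed. Barring a mis-configuration or I/O error, this LoginModule
 * <em>always</em> succeeds.
 * </p>
 * <p>
 * This module must be used with a CallbackHandler (such as
 * {@link WebContainerCallbackHandler}) that supports the following Callback
 * types:
 * </p>
 * <ol>
 * <li>{@link HttpRequestCallback} - supplies the current HTTP request, from
 * which the remote address is read.</li>
 * </ol>
 * <p>
 * After authentication, a generic WikiPrincipal based on the IP address will be
 * created and associated with the Subject.
 * </p>
 * <p>
 * Security note: the principal created here identifies a network address, not
 * an authenticated user, so it must not be treated as proof of identity.
 * NOTE(review): if {@code HttpUtil.getRemoteAddress} honours client-supplied
 * forwarding headers (for example <code>X-Forwarded-For</code>), the principal
 * name is client-controlled unless a trusted proxy sets that header - confirm
 * against {@code HttpUtil}.
 * </p>
 *
 * @see javax.security.auth.spi.LoginModule#commit()
 * @since 2.3
 */
public class AnonymousLoginModule extends AbstractLoginModule
{

    /**
     * Bogus prompt sent to the callback handler.
     */
    public static final String PROMPT = "User name";

    protected static final Logger log = Logger.getLogger( AnonymousLoginModule.class );

    /**
     * Logs in the user by calling back to the registered CallbackHandler with an
     * HttpRequestCallback. The CallbackHandler must supply the current servlet
     * HTTP request as its response.
     *
     * @return <code>true</code> once the address-based principal has been
     *         recorded; <code>false</code> if the callback handler failed with
     *         an I/O error, which under the JAAS contract means this module is
     *         ignored rather than treated as a failed login.
     * @see javax.security.auth.spi.LoginModule#login()
     * @throws LoginException if the callback handler does not support
     *         {@link HttpRequestCallback}
     */
    public boolean login() throws LoginException
    {
        // Let's go and make a Principal based on the IP address
        HttpRequestCallback hcb = new HttpRequestCallback();
        Callback[] callbacks = new Callback[] { hcb };
        try
        {
            // m_handler and m_principals are not declared in this class;
            // presumably inherited from AbstractLoginModule.
            m_handler.handle( callbacks );

            // NOTE(review): nothing here checks that the handler actually
            // populated the callback; confirm getRequest() cannot return null.
            HttpServletRequest request = hcb.getRequest();
            WikiPrincipal ipAddr = new WikiPrincipal( HttpUtil.getRemoteAddress( request ) );
            if ( log.isDebugEnabled() )
            {
                // The session identifier is a bearer credential: anyone able to
                // read the debug log could replay it. Record only whether a
                // session exists, never the identifier itself.
                HttpSession session = request.getSession( false );
                log.debug( "Logged in anonymous user; session present=" + ( session != null )
                           + "; IP=" + ipAddr );
            }
            // If login succeeds, commit these principals/roles
            m_principals.add( ipAddr );
            return true;
        }
        catch( IOException e )
        {
            // Pass the exception itself so the stack trace reaches the log;
            // the message alone rarely identifies where the failure occurred.
            log.error( "IOException: " + e.getMessage(), e );
            return false;
        }
        catch( UnsupportedCallbackException e )
        {
            String message = "Unable to handle callback, disallowing login.";
            log.error( message, e );
            // LoginException has no (String, Throwable) constructor, so the
            // cause is attached explicitly to keep it visible to callers.
            LoginException failure = new LoginException( message );
            failure.initCause( e );
            throw failure;
        }
    }

}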