001/*
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.    
018 */
019package org.apache.wiki.auth.login;
020
021import java.io.IOException;
022
023import javax.security.auth.callback.Callback;
024import javax.security.auth.callback.UnsupportedCallbackException;
025import javax.security.auth.login.LoginException;
026import javax.servlet.http.HttpServletRequest;
027import javax.servlet.http.HttpSession;
028
029import org.apache.log4j.Logger;
030
031import org.apache.wiki.auth.WikiPrincipal;
032import org.apache.wiki.util.HttpUtil;
033
034/**
035 * <p>
036 * Logs in a user based solely on IP address; no other authentication is
037 * performed. Barring a mis-configuration or I/O error, this LoginModule
038 * <em>always</em> succeeds.
039 * </p>
040 * This module must be used with a CallbackHandler (such as
041 * {@link WebContainerCallbackHandler}) that supports the following Callback
042 * types:
043 * </p>
044 * <ol>
045 * <li>{@link HttpRequestCallback}- supplies the IP address, which is used as
046 * a backup in case no name is supplied.</li>
047 * </ol>
048 * <p>
049 * After authentication, a generic WikiPrincipal based on the IP address will be
050 * created and associated with the Subject.
051 * @see javax.security.auth.spi.LoginModule#commit()
052 *      </p>
053 * @since 2.3
054 */
055public class AnonymousLoginModule extends AbstractLoginModule
056{
057
058    /**
059     * Bogus prompt sent to the callback handler.
060     */
061    public static final String PROMPT            = "User name";
062
063    protected static final Logger log            = Logger.getLogger( AnonymousLoginModule.class );
064
065    /**
066     * Logs in the user by calling back to the registered CallbackHandler with an
067     * HttpRequestCallback. The CallbackHandler must supply the current servlet
068     * HTTP request as its response.
069     * @return the result of the login; this will always be <code>true</code>.
070     * @see javax.security.auth.spi.LoginModule#login()
071     * @throws {@inheritDoc}
072     */
073    public boolean login() throws LoginException
074    {
075        // Let's go and make a Principal based on the IP address
076        HttpRequestCallback hcb = new HttpRequestCallback();
077        Callback[] callbacks = new Callback[]
078        { hcb };
079        try
080        {
081            m_handler.handle( callbacks );
082            HttpServletRequest request = hcb.getRequest();
083            WikiPrincipal ipAddr = new WikiPrincipal( HttpUtil.getRemoteAddress(request) );
084            if ( log.isDebugEnabled() )
085            {
086                HttpSession session = request.getSession( false );
087                String sid = (session == null) ? NULL : session.getId();
088                log.debug("Logged in session ID=" + sid + "; IP=" + ipAddr);
089            }
090            // If login succeeds, commit these principals/roles
091            m_principals.add( ipAddr );
092            return true;
093        }
094        catch( IOException e )
095        {
096            log.error("IOException: " + e.getMessage());
097            return false;
098        }
099        catch( UnsupportedCallbackException e )
100        {
101            String message = "Unable to handle callback, disallowing login.";
102            log.error( message, e );
103            throw new LoginException( message );
104        }
105
106    }
107
108}