001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019package org.apache.wiki.auth.login; 020 021import java.io.IOException; 022 023import javax.security.auth.callback.Callback; 024import javax.security.auth.callback.NameCallback; 025import javax.security.auth.callback.PasswordCallback; 026import javax.security.auth.callback.UnsupportedCallbackException; 027import javax.security.auth.login.FailedLoginException; 028import javax.security.auth.login.LoginException; 029 030import org.apache.log4j.Logger; 031 032import org.apache.wiki.auth.NoSuchPrincipalException; 033import org.apache.wiki.auth.WikiPrincipal; 034import org.apache.wiki.auth.user.UserDatabase; 035import org.apache.wiki.auth.user.UserProfile; 036 037/** 038 * <p> 039 * Logs in a user based on a username, password, and static password file 040 * location. This module must be used with a CallbackHandler (such as 041 * {@link WikiCallbackHandler}) that supports the following Callback types: 042 * </p> 043 * <ol> 044 * <li>{@link javax.security.auth.callback.NameCallback}- supplies the 045 * username</li> 046 * <li>{@link javax.security.auth.callback.PasswordCallback}- supplies the 047 * password</li> 048 * <li>{@link org.apache.wiki.auth.login.UserDatabaseCallback}- supplies the 049 * {@link org.apache.wiki.auth.user.UserDatabase}</li> 050 * </ol> 051 * <p> 052 * After authentication, a Principals based on the login name will be created 053 * and associated with the Subject. 054 * </p> 055 * @since 2.3 056 */ 057public class UserDatabaseLoginModule extends AbstractLoginModule 058{ 059 060 private static final Logger log = Logger.getLogger( UserDatabaseLoginModule.class ); 061 062 /** 063 * @see javax.security.auth.spi.LoginModule#login() 064 * 065 * {@inheritDoc} 066 */ 067 public boolean login() throws LoginException 068 { 069 UserDatabaseCallback ucb = new UserDatabaseCallback(); 070 NameCallback ncb = new NameCallback( "User name" ); 071 PasswordCallback pcb = new PasswordCallback( "Password", false ); 072 Callback[] callbacks = new Callback[] 073 { ucb, ncb, pcb }; 074 try 075 { 076 m_handler.handle( callbacks ); 077 UserDatabase db = ucb.getUserDatabase(); 078 String username = ncb.getName(); 079 String password = new String( pcb.getPassword() ); 080 081 // Look up the user and compare the password hash 082 if ( db == null ) 083 { 084 throw new FailedLoginException( "No user database: check the callback handler code!" ); 085 } 086 UserProfile profile = db.findByLoginName( username ); 087 String storedPassword = profile.getPassword(); 088 if ( storedPassword != null && db.validatePassword( username, password ) ) 089 { 090 if ( log.isDebugEnabled() ) 091 { 092 log.debug( "Logged in user database user " + username ); 093 } 094 095 // If login succeeds, commit these principals/roles 096 m_principals.add( new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME ) ); 097 098 return true; 099 } 100 throw new FailedLoginException( "The username or password is incorrect." ); 101 } 102 catch( IOException e ) 103 { 104 String message = "IO exception; disallowing login."; 105 log.error( message, e ); 106 throw new LoginException( message ); 107 } 108 catch( UnsupportedCallbackException e ) 109 { 110 String message = "Unable to handle callback; disallowing login."; 111 log.error( message, e ); 112 throw new LoginException( message ); 113 } 114 catch( NoSuchPrincipalException e ) 115 { 116 throw new FailedLoginException( "The username or password is incorrect." ); 117 } 118 } 119 120}