001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019package org.apache.wiki.auth.login; 020 021import java.io.IOException; 022 023import javax.security.auth.callback.Callback; 024import javax.security.auth.callback.NameCallback; 025import javax.security.auth.callback.PasswordCallback; 026import javax.security.auth.callback.UnsupportedCallbackException; 027import javax.security.auth.login.FailedLoginException; 028import javax.security.auth.login.LoginException; 029 030import org.apache.logging.log4j.LogManager; 031import org.apache.logging.log4j.Logger; 032 033import org.apache.wiki.auth.NoSuchPrincipalException; 034import org.apache.wiki.auth.WikiPrincipal; 035import org.apache.wiki.auth.user.UserDatabase; 036import org.apache.wiki.auth.user.UserProfile; 037 038/** 039 * <p> 040 * Logs in a user based on a username, password, and static password file 041 * location. This module must be used with a CallbackHandler (such as 042 * {@link WikiCallbackHandler}) that supports the following Callback types: 043 * </p> 044 * <ol> 045 * <li>{@link javax.security.auth.callback.NameCallback}- supplies the 046 * username</li> 047 * <li>{@link javax.security.auth.callback.PasswordCallback}- supplies the 048 * password</li> 049 * <li>{@link org.apache.wiki.auth.login.UserDatabaseCallback}- supplies the 050 * {@link org.apache.wiki.auth.user.UserDatabase}</li> 051 * </ol> 052 * <p> 053 * After authentication, a Principals based on the login name will be created 054 * and associated with the Subject. 055 * </p> 056 * @since 2.3 057 */ 058public class UserDatabaseLoginModule extends AbstractLoginModule 059{ 060 061 private static final Logger log = LogManager.getLogger( UserDatabaseLoginModule.class ); 062 063 /** 064 * @see javax.security.auth.spi.LoginModule#login() 065 * 066 * {@inheritDoc} 067 */ 068 public boolean login() throws LoginException 069 { 070 final UserDatabaseCallback ucb = new UserDatabaseCallback(); 071 final NameCallback ncb = new NameCallback( "User name" ); 072 final PasswordCallback pcb = new PasswordCallback( "Password", false ); 073 final Callback[] callbacks = new Callback[] 074 { ucb, ncb, pcb }; 075 try 076 { 077 m_handler.handle( callbacks ); 078 final UserDatabase db = ucb.getUserDatabase(); 079 final String username = ncb.getName(); 080 final String password = new String( pcb.getPassword() ); 081 082 // Look up the user and compare the password hash 083 if ( db == null ) 084 { 085 throw new FailedLoginException( "No user database: check the callback handler code!" ); 086 } 087 final UserProfile profile = db.findByLoginName( username ); 088 final String storedPassword = profile.getPassword(); 089 if ( storedPassword != null && db.validatePassword( username, password ) ) 090 { 091 if ( log.isDebugEnabled() ) 092 { 093 log.debug( "Logged in user database user " + username ); 094 } 095 096 // If login succeeds, commit these principals/roles 097 m_principals.add( new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME ) ); 098 099 return true; 100 } 101 throw new FailedLoginException( "The username or password is incorrect." ); 102 } 103 catch( final IOException e ) 104 { 105 final String message = "IO exception; disallowing login."; 106 log.error( message, e ); 107 throw new LoginException( message ); 108 } 109 catch( final UnsupportedCallbackException e ) 110 { 111 final String message = "Unable to handle callback; disallowing login."; 112 log.error( message, e ); 113 throw new LoginException( message ); 114 } 115 catch( final NoSuchPrincipalException e ) 116 { 117 throw new FailedLoginException( "The username or password is incorrect." ); 118 } 119 } 120 121}