Source code

001/*
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.    
018 */
019package org.apache.wiki.auth.login;
020
021import org.apache.logging.log4j.LogManager;
022import org.apache.logging.log4j.Logger;
023import org.apache.wiki.auth.WikiPrincipal;
024
025import javax.security.auth.callback.Callback;
026import javax.security.auth.callback.UnsupportedCallbackException;
027import javax.security.auth.login.FailedLoginException;
028import javax.security.auth.login.LoginException;
029import javax.servlet.http.HttpServletRequest;
030import javax.servlet.http.HttpSession;
031import java.io.IOException;
032import java.security.Principal;
033
034/**
035 * <p>
036 * Logs in a user by extracting authentication data from an Http servlet
037 * session. First, the module tries to extract a Principal object out of the
038 * request directly using the servlet requests's <code>getUserPrincipal()</code>
039 * method. If one is found, authentication succeeds. If there is no
040 * Principal in the request, try calling <code>getRemoteUser()</code>. If
041 * the <code>remoteUser</code> exists but the UserDatabase can't find a matching
042 * profile, a generic WikiPrincipal is created with this value. If neither
043 * <code>userPrincipal</code> nor <code>remoteUser</code> exist in the request, the login fails.
044 * </p>
045 * <p>
046 * This module must be used with a CallbackHandler that supports the following
047 * Callback types:
048 * </p>
049 * <ol>
050 * <li>{@link HttpRequestCallback} - supplies the Http request object, from
051 * which the getRemoteUser and getUserPrincipal are extracted</li>
052 * <li>{@link UserDatabaseCallback} - supplies the user database for looking up
053 * the value of getRemoteUser</li>
054 * </ol>
055 * <p>
056 * After authentication, the Subject will contain the Principal that
057 * represents the logged-in user.</p>
058 *
059 * @since 2.3
060 */
061public class WebContainerLoginModule extends AbstractLoginModule {
062
063    protected static final Logger log = LogManager.getLogger( WebContainerLoginModule.class );
064
065    /**
066     * Logs in the user.
067     * @see javax.security.auth.spi.LoginModule#login()
068     * 
069     * @return {@inheritDoc}
070     * @throws LoginException {@inheritDoc}
071     */
072    public boolean login() throws LoginException
073    {
074        final HttpRequestCallback rcb = new HttpRequestCallback();
075        final Callback[] callbacks = new Callback[] { rcb };
076        final String userId;
077
078        try
079        {
080            // First, try to extract a Principal object out of the request
081            // directly. If we find one, we're done.
082            m_handler.handle( callbacks );
083            final HttpServletRequest request = rcb.getRequest();
084            if ( request == null )
085            {
086                throw new LoginException( "No Http request supplied." );
087            }
088            final HttpSession session = request.getSession(false);
089            final String sid = (session == null) ? NULL : session.getId();
090            Principal principal = request.getUserPrincipal();
091            if ( principal == null )
092            {
093                // If no Principal in request, try the remoteUser
094                if ( log.isDebugEnabled() )
095                {
096                    log.debug( "No userPrincipal found for session ID=" + sid);
097                }
098                userId = request.getRemoteUser();
099                if ( userId == null )
100                {
101                    if ( log.isDebugEnabled() )
102                    {
103                        log.debug( "No remoteUser found for session ID=" + sid);
104                    }
105                    throw new FailedLoginException( "No remote user found" );
106                }
107                principal = new WikiPrincipal( userId, WikiPrincipal.LOGIN_NAME );
108            }
109            if ( log.isDebugEnabled() )
110            {
111                log.debug("Logged in container principal " + principal.getName() + "." );
112            }
113            m_principals.add( principal );
114
115            return true;
116        }
117        catch( final IOException e )
118        {
119            log.error( "IOException: " + e.getMessage() );
120            return false;
121        }
122        catch( final UnsupportedCallbackException e )
123        {
124            log.error( "UnsupportedCallbackException: " + e.getMessage() );
125            return false;
126        }
127    }
128}