001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019package org.apache.wiki.auth.login; 020 021import org.apache.logging.log4j.LogManager; 022import org.apache.logging.log4j.Logger; 023import org.apache.wiki.auth.NoSuchPrincipalException; 024import org.apache.wiki.auth.WikiPrincipal; 025import org.apache.wiki.auth.user.UserDatabase; 026import org.apache.wiki.auth.user.UserProfile; 027 028import javax.security.auth.callback.Callback; 029import javax.security.auth.callback.NameCallback; 030import javax.security.auth.callback.PasswordCallback; 031import javax.security.auth.callback.UnsupportedCallbackException; 032import javax.security.auth.login.FailedLoginException; 033import javax.security.auth.login.LoginException; 034import java.io.IOException; 035 036/** 037 * <p> 038 * Logs in a user based on a username, password, and static password file 039 * location. This module must be used with a CallbackHandler (such as 040 * {@link WikiCallbackHandler}) that supports the following Callback types: 041 * </p> 042 * <ol> 043 * <li>{@link javax.security.auth.callback.NameCallback}- supplies the 044 * username</li> 045 * <li>{@link javax.security.auth.callback.PasswordCallback}- supplies the 046 * password</li> 047 * <li>{@link org.apache.wiki.auth.login.UserDatabaseCallback}- supplies the 048 * {@link org.apache.wiki.auth.user.UserDatabase}</li> 049 * </ol> 050 * <p> 051 * After authentication, a Principals based on the login name will be created 052 * and associated with the Subject. 053 * </p> 054 * @since 2.3 055 */ 056public class UserDatabaseLoginModule extends AbstractLoginModule { 057 058 private static final Logger log = LogManager.getLogger( UserDatabaseLoginModule.class ); 059 060 /** 061 * @see javax.security.auth.spi.LoginModule#login() 062 * 063 * {@inheritDoc} 064 */ 065 public boolean login() throws LoginException 066 { 067 final UserDatabaseCallback ucb = new UserDatabaseCallback(); 068 final NameCallback ncb = new NameCallback( "User name" ); 069 final PasswordCallback pcb = new PasswordCallback( "Password", false ); 070 final Callback[] callbacks = new Callback[] 071 { ucb, ncb, pcb }; 072 try 073 { 074 m_handler.handle( callbacks ); 075 final UserDatabase db = ucb.getUserDatabase(); 076 final String username = ncb.getName(); 077 final String password = new String( pcb.getPassword() ); 078 079 // Look up the user and compare the password hash 080 if ( db == null ) { 081 throw new FailedLoginException( "No user database: check the callback handler code!" ); 082 } 083 final UserProfile profile = db.findByLoginName( username ); 084 final String storedPassword = profile.getPassword(); 085 if ( storedPassword != null && db.validatePassword( username, password ) ) { 086 log.debug( "Logged in user database user {}", username ); 087 088 // If login succeeds, commit these principals/roles 089 m_principals.add( new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME ) ); 090 091 return true; 092 } 093 throw new FailedLoginException( "The username or password is incorrect." ); 094 } catch( final IOException e ) { 095 final String message = "IO exception; disallowing login."; 096 log.error( message, e ); 097 throw new LoginException( message ); 098 } catch( final UnsupportedCallbackException e ) { 099 final String message = "Unable to handle callback; disallowing login."; 100 log.error( message, e ); 101 throw new LoginException( message ); 102 } catch( final NoSuchPrincipalException e ) { 103 throw new FailedLoginException( "The username or password is incorrect." ); 104 } 105 } 106 107}