001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019package org.apache.wiki.auth.login; 020 021import org.apache.logging.log4j.LogManager; 022import org.apache.logging.log4j.Logger; 023import org.apache.wiki.auth.WikiPrincipal; 024 025import javax.security.auth.callback.Callback; 026import javax.security.auth.callback.UnsupportedCallbackException; 027import javax.security.auth.login.FailedLoginException; 028import javax.security.auth.login.LoginException; 029import javax.servlet.http.HttpServletRequest; 030import javax.servlet.http.HttpSession; 031import java.io.IOException; 032import java.security.Principal; 033 034/** 035 * <p> 036 * Logs in a user by extracting authentication data from an Http servlet 037 * session. First, the module tries to extract a Principal object out of the 038 * request directly using the servlet requests's <code>getUserPrincipal()</code> 039 * method. If one is found, authentication succeeds. If there is no 040 * Principal in the request, try calling <code>getRemoteUser()</code>. If 041 * the <code>remoteUser</code> exists but the UserDatabase can't find a matching 042 * profile, a generic WikiPrincipal is created with this value. If neither 043 * <code>userPrincipal</code> nor <code>remoteUser</code> exist in the request, the login fails. 044 * </p> 045 * <p> 046 * This module must be used with a CallbackHandler that supports the following 047 * Callback types: 048 * </p> 049 * <ol> 050 * <li>{@link HttpRequestCallback} - supplies the Http request object, from 051 * which the getRemoteUser and getUserPrincipal are extracted</li> 052 * <li>{@link UserDatabaseCallback} - supplies the user database for looking up 053 * the value of getRemoteUser</li> 054 * </ol> 055 * <p> 056 * After authentication, the Subject will contain the Principal that 057 * represents the logged-in user.</p> 058 * 059 * @since 2.3 060 */ 061public class WebContainerLoginModule extends AbstractLoginModule { 062 063 protected static final Logger log = LogManager.getLogger( WebContainerLoginModule.class ); 064 065 /** 066 * Logs in the user. 067 * @see javax.security.auth.spi.LoginModule#login() 068 * 069 * @return {@inheritDoc} 070 * @throws LoginException {@inheritDoc} 071 */ 072 public boolean login() throws LoginException 073 { 074 final HttpRequestCallback rcb = new HttpRequestCallback(); 075 final Callback[] callbacks = new Callback[] { rcb }; 076 final String userId; 077 078 try 079 { 080 // First, try to extract a Principal object out of the request 081 // directly. If we find one, we're done. 082 m_handler.handle( callbacks ); 083 final HttpServletRequest request = rcb.getRequest(); 084 if ( request == null ) { 085 throw new LoginException( "No Http request supplied." ); 086 } 087 final HttpSession session = request.getSession(false); 088 final String sid = (session == null) ? NULL : session.getId(); 089 Principal principal = request.getUserPrincipal(); 090 if ( principal == null ) { 091 // If no Principal in request, try the remoteUser 092 log.debug( "No userPrincipal found for session ID={}", sid); 093 userId = request.getRemoteUser(); 094 if ( userId == null ) { 095 log.debug( "No remoteUser found for session ID={}", sid); 096 throw new FailedLoginException( "No remote user found" ); 097 } 098 principal = new WikiPrincipal( userId, WikiPrincipal.LOGIN_NAME ); 099 } 100 log.debug("Logged in container principal {}.", principal.getName() ); 101 m_principals.add( principal ); 102 103 return true; 104 } catch( final IOException e ) { 105 log.error( "IOException: {}", e.getMessage() ); 106 return false; 107 } catch( final UnsupportedCallbackException e ) { 108 log.error( "UnsupportedCallbackException: {}", e.getMessage() ); 109 return false; 110 } 111 } 112}