001/*
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.    
018 */
019package org.apache.wiki.auth.login;
020
021import org.apache.logging.log4j.LogManager;
022import org.apache.logging.log4j.Logger;
023import org.apache.wiki.auth.WikiPrincipal;
024import org.apache.wiki.util.HttpUtil;
025
026import javax.security.auth.callback.Callback;
027import javax.security.auth.callback.UnsupportedCallbackException;
028import javax.security.auth.login.LoginException;
029import javax.servlet.http.HttpServletRequest;
030import javax.servlet.http.HttpSession;
031import java.io.IOException;
032
033/**
034 * <p>
035 * Logs in a user based solely on IP address; no other authentication is
036 * performed. Barring a mis-configuration or I/O error, this LoginModule
037 * <em>always</em> succeeds.
038 * </p>
039 * This module must be used with a CallbackHandler (such as
040 * {@link WebContainerCallbackHandler}) that supports the following Callback
041 * types:
042 * </p>
043 * <ol>
044 * <li>{@link HttpRequestCallback}- supplies the IP address, which is used as
045 * a backup in case no name is supplied.</li>
046 * </ol>
047 * <p>
048 * After authentication, a generic WikiPrincipal based on the IP address will be
049 * created and associated with the Subject.
050 * @see javax.security.auth.spi.LoginModule#commit()
051 *      </p>
052 * @since 2.3
053 */
054public class AnonymousLoginModule extends AbstractLoginModule
055{
056
057    /**
058     * Bogus prompt sent to the callback handler.
059     */
060    public static final String PROMPT = "User name";
061
062    protected static final Logger LOG = LogManager.getLogger( AnonymousLoginModule.class );
063
064    /**
065     * {@inheritDoc}
066     *
067     * Logs in the user by calling back to the registered CallbackHandler with an
068     * HttpRequestCallback. The CallbackHandler must supply the current servlet
069     * HTTP request as its response.
070     * @return the result of the login; this will always be <code>true</code>.
071     * @see javax.security.auth.spi.LoginModule#login()
072     * @throws LoginException if unable to handle callback
073     */
074    @Override
075    public boolean login() throws LoginException
076    {
077        // Let's go and make a Principal based on the IP address
078        final HttpRequestCallback hcb = new HttpRequestCallback();
079        final Callback[] callbacks = new Callback[]{ hcb };
080        try {
081            m_handler.handle( callbacks );
082            final HttpServletRequest request = hcb.getRequest();
083            final WikiPrincipal ipAddr = new WikiPrincipal( HttpUtil.getRemoteAddress(request) );
084            final HttpSession session = request.getSession( false );
085            final String sid = (session == null) ? NULL : session.getId();
086            LOG.debug("Logged in session ID={}; IP={}", sid, ipAddr);
087            // If login succeeds, commit these principals/roles
088            m_principals.add( ipAddr );
089            return true;
090        } catch( final IOException e ) {
091            LOG.error("IOException: " + e.getMessage());
092            return false;
093        } catch( final UnsupportedCallbackException e ) {
094            final String message = "Unable to handle callback, disallowing login.";
095            LOG.error( message, e );
096            throw new LoginException( message );
097        }
098    }
099
100}