34 package info.magnolia.jaas.sp.jcr;
35
import info.magnolia.cms.core.Content;
import info.magnolia.cms.security.MgnlUser;
import info.magnolia.cms.security.MgnlUserManager;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.UserManager;
import info.magnolia.cms.security.auth.Entity;
import info.magnolia.jaas.principal.EntityImpl;
import info.magnolia.jaas.sp.AbstractLoginModule;
import info.magnolia.jaas.sp.UserAwareLoginModule;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
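/**
 * JAAS login module that authenticates a user against the {@link UserManager} of the
 * configured realm and, for {@link MgnlUser} accounts, maintains the failed-login counter
 * used for account lock-out.
 *
 * <p>The fields {@code name}, {@code pswd}, {@code realm} and {@code subject} are inherited
 * from {@link AbstractLoginModule} (not visible here) and are assumed to be populated by the
 * callback handling of the superclass before {@link #validateUser()} is invoked.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link User#getPassword()} is compared directly with the supplied password, i.e. the
 *       stored value is treated as the cleartext secret. Hashing is outside this module's
 *       control; the comparison itself is done in constant time.</li>
 *   <li>{@link #validateUser()} throws different exception types for "unknown account",
 *       "locked account" and "wrong password". Callers that surface these to end users leak
 *       account existence; the types are kept because JAAS callers rely on them.</li>
 * </ul>
 */
public class JCRAuthenticationModule extends AbstractLoginModule implements UserAwareLoginModule {
    private static final Logger log = LoggerFactory.getLogger(JCRAuthenticationModule.class);

    /** The resolved account; {@code null} until {@link #initUser()} ran, or if the name is unknown. */
    protected User user;

    /**
     * Returns the maximum number of failed login attempts tolerated for the current user's realm,
     * or {@code 0} (no lock-out) when the user is not an {@link MgnlUser}.
     *
     * <p>Side effect: for an {@link MgnlUser} the {@code realm} field is reassigned from the
     * user node's handle (the segment between the first two slashes) before the user manager
     * of that realm is looked up. NOTE(review): confirm that overwriting the module's realm here
     * is intended rather than reading it into a local.
     *
     * @return the configured limit, or {@code 0} if lock-out does not apply
     * @throws ClassCastException if the user manager of the realm is not an {@link MgnlUserManager}
     */
    public int getMaxAttempts() {
        if (!(this.user instanceof MgnlUser)) {
            // Only MgnlUser carries a failed-attempt counter; anything else never locks out.
            return 0;
        }
        Content node = ((MgnlUser) this.user).getUserNode();
        realm = StringUtils.substringBefore(StringUtils.substringAfter(node.getHandle(), "/"), "/");
        MgnlUserManager manager =
                (MgnlUserManager) SecuritySupport.Factory.getInstance().getUserManager(realm);
        return (int) manager.getMaxFailedLoginAttempts();
    }

    /**
     * Releases resources held by this module. Nothing is held, so this always succeeds.
     *
     * @return {@code true}
     */
    public boolean release() {
        return true;
    }

    /**
     * Resolves the account for {@code name}, verifies it is enabled, checks the password and
     * records the access time for non-anonymous {@link MgnlUser} accounts.
     *
     * @throws AccountNotFoundException if no user named {@code name} exists in the realm
     * @throws AccountLockedException if the account is disabled
     * @throws FailedLoginException if the password is empty or does not match
     * @throws LoginException for any other login failure raised by the user manager
     */
    public void validateUser() throws LoginException {
        initUser();

        if (this.user == null) {
            throw new AccountNotFoundException("User account " + this.name + " not found.");
        }

        if (!this.user.isEnabled()) {
            throw new AccountLockedException("User account " + this.name + " is locked.");
        }

        matchPassword();

        // Anonymous logins are not tracked; the last-access stamp only exists on MgnlUser.
        if (!UserManager.ANONYMOUS_USER.equals(user.getName()) && user instanceof MgnlUser) {
            ((MgnlUser) user).setLastAccess();
        }
    }

    /** Loads the user named {@code name} from the realm's user manager into {@link #user}. */
    protected void initUser() {
        user = getUserManager().getUser(name);
    }

    /**
     * Compares the stored password with the supplied one. On a mismatch the failed-attempt
     * counter of an {@link MgnlUser} is incremented and the account is disabled once the realm's
     * limit is reached; on success the counter is reset.
     *
     * @throws FailedLoginException if the stored password is empty or the passwords differ
     * @throws LoginException never directly; declared for overriding implementations
     */
    protected void matchPassword() throws LoginException {
        String serverPassword = user.getPassword();

        if (StringUtils.isEmpty(serverPassword)) {
            throw new FailedLoginException("we do not allow users with no password");
        }

        if (!passwordMatches(serverPassword, this.pswd)) {
            recordFailedAttempt();
            throw new FailedLoginException("passwords do not match");
        }

        if (user instanceof MgnlUser) {
            ((MgnlUser) user).setFailedLoginAttempts(0);
        }
    }

    /**
     * Constant-time equality of the stored password and the supplied one, so the comparison
     * time does not reveal how many leading characters matched.
     *
     * @param storedPassword the non-empty password held by the user manager
     * @param suppliedPassword the password provided at login
     * @return {@code true} iff both encode to the same UTF-8 bytes
     * @throws NullPointerException if {@code suppliedPassword} is {@code null}
     */
    private static boolean passwordMatches(String storedPassword, char[] suppliedPassword) {
        byte[] expected = storedPassword.getBytes(StandardCharsets.UTF_8);
        byte[] supplied = new String(suppliedPassword).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /**
     * Increments the failed-attempt counter of an {@link MgnlUser} and disables the account
     * once the realm's limit is reached. Does nothing when lock-out is not configured
     * ({@link #getMaxAttempts()} returns {@code 0}) or the user is not an {@link MgnlUser}.
     */
    private void recordFailedAttempt() {
        // Evaluate once: getMaxAttempts() performs a SecuritySupport lookup and assigns realm.
        int maxAttempts = getMaxAttempts();
        if (maxAttempts <= 0 || !(user instanceof MgnlUser)) {
            return;
        }
        MgnlUser mgnlUser = (MgnlUser) user;
        mgnlUser.setFailedLoginAttempts(mgnlUser.getFailedLoginAttempts() + 1);

        if (mgnlUser.getFailedLoginAttempts() >= maxAttempts) {
            mgnlUser.setEnabled(false);
            mgnlUser.setFailedLoginAttempts(0);
            log.warn("Account {} was locked due to high number of failed login attempts.", this.name);
        }
    }

    /**
     * Returns the user manager of the module's current {@code realm}.
     *
     * @return the realm's {@link UserManager}
     */
    public UserManager getUserManager() {
        SecuritySupport securitySupport = SecuritySupport.Factory.getInstance();
        return securitySupport.getUserManager(this.realm);
    }

    /**
     * Adds an {@link EntityImpl} principal describing the authenticated user to the subject and
     * collects the user's group and role names.
     *
     * <p>NOTE(review): the cleartext password is stored on the principal under
     * {@link Entity#PASSWORD}; any component that can read the subject's principals can read it.
     * Kept because existing consumers may rely on it — confirm whether it is still needed.
     */
    public void setEntity() {
        EntityImpl entity = new EntityImpl();
        entity.addProperty(Entity.LANGUAGE, this.user.getLanguage());
        entity.addProperty(Entity.NAME, this.user.getName());

        // The display name lives in the "title" property and is optional.
        String fullName = this.user.getProperty("title");
        if (fullName != null) {
            entity.addProperty(Entity.FULL_NAME, fullName);
        }
        entity.addProperty(Entity.PASSWORD, new String(this.pswd));
        this.subject.getPrincipals().add(entity);

        collectGroupNames();
        collectRoleNames();
    }

    /** Intentionally empty: this module does not contribute ACL principals. */
    public void setACL() {
    }

    /** Registers every role name of the user via {@code addRoleName} (inherited). */
    public void collectRoleNames() {
        for (Iterator iter = this.user.getAllRoles().iterator(); iter.hasNext();) {
            addRoleName((String) iter.next());
        }
    }

    /** Registers every group name of the user via {@code addGroupName} (inherited). */
    public void collectGroupNames() {
        for (Iterator iter = this.user.getAllGroups().iterator(); iter.hasNext();) {
            addGroupName((String) iter.next());
        }
    }

    /**
     * Returns the resolved user.
     *
     * @return the user, or {@code null} before {@link #initUser()} ran or if none was found
     */
    public User getUser() {
        return user;
    }

}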