34 package info.magnolia.jaas.sp.jcr;
35
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.UserManager;
import info.magnolia.jaas.sp.AbstractLoginModule;
import info.magnolia.jaas.sp.UserAwareLoginModule;

import java.io.Serializable;
import java.nio.CharBuffer;
import java.security.MessageDigest;
import java.util.Arrays;

import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

import org.apache.commons.lang.StringUtils;
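/**
 * JAAS login module that authenticates a user looked up through the {@link UserManager}
 * of the module's realm.
 *
 * <p>{@link #validateUser()} resolves the account, checks the submitted password, rejects
 * disabled accounts and records the access time; {@link #setEntity()} then adds the user,
 * the realm and the user's group and role names to the subject.
 */
public class JCRAuthenticationModule extends AbstractLoginModule implements UserAwareLoginModule, Serializable {

    /** User resolved by {@link #initUser()} from the login name. */
    protected User user;

    /**
     * Resolves the user and verifies the submitted credentials.
     *
     * @throws AccountNotFoundException if no user was resolved for the login name
     * @throws FailedLoginException if the password check in {@link #matchPassword()} fails
     * @throws AccountLockedException if the password matched but the account is not enabled
     * @throws LoginException for any other failure raised while resolving the user
     */
    @Override
    public void validateUser() throws LoginException {
        initUser();

        if (this.user == null) {
            // NOTE(review): this exception type and message differ from the password-mismatch
            // case and echo the submitted login name. Whatever reports login failures to the
            // client should map both to one generic response so that account existence is not
            // disclosed; keep the detail for server-side logs only.
            throw new AccountNotFoundException("User account " + this.name + " not found.");
        }

        // The password is checked before the enabled flag, so the "locked" answer is only
        // given to a caller who already presented the correct password.
        matchPassword();

        if (!this.user.isEnabled()) {
            throw new AccountLockedException("User account " + this.name + " is locked.");
        }

        // The anonymous user is skipped; every other successful login updates the timestamp.
        if (!UserManager.ANONYMOUS_USER.equals(user.getName())) {
            getUserManager().updateLastAccessTimestamp(user);
        }
    }

    /**
     * Returns the user manager registered for this module's realm.
     */
    private UserManager getUserManager() {
        // Parameterized form, consistent with the other log calls in this class.
        log.debug("getting user manager for realm {}", realm.getName());
        return SecuritySupport.Factory.getInstance().getUserManager(realm.getName());
    }

    /**
     * Looks up the user for the submitted login name and stores it in {@link #user}.
     *
     * @throws LoginException declared for overriding implementations; not thrown directly here
     */
    protected void initUser() throws LoginException {
        log.debug("initializing user {}", name);

        long start = System.currentTimeMillis();
        this.user = getUserManager().getUser(name);
        log.debug("initialized user {} in {}ms", name, (System.currentTimeMillis() - start));
    }

    /**
     * Compares the submitted password with the password returned for the user.
     *
     * <p>The comparison goes through {@link MessageDigest#isEqual(byte[], byte[])} so that it
     * does not stop at the first differing character, and the temporary byte copies are
     * zeroed afterwards. The submitted password is never copied into a {@code String}.
     *
     * <p>NOTE(review): the direct comparison implies that {@code user.getPassword()} returns
     * the credential in the same form the client submits. Confirm how it is stored; if it is
     * kept in clear or reversibly encoded, a salted password hash verified through the
     * hashing API would be the safer design.
     *
     * @throws FailedLoginException if the account has no password, no password was submitted,
     *         or the two values differ
     * @throws LoginException declared for overriding implementations
     */
    protected void matchPassword() throws LoginException {
        String serverPassword = user.getPassword();

        // Accounts without a password can never log in, whatever the client sends.
        if (StringUtils.isEmpty(serverPassword)) {
            throw new FailedLoginException("we do not allow users with no password");
        }

        // A missing credential is an authentication failure, not a NullPointerException.
        if (this.pswd == null) {
            throw new FailedLoginException("passwords do not match");
        }

        byte[] expected = toBytes(serverPassword);
        byte[] supplied = toBytes(CharBuffer.wrap(this.pswd));
        try {
            if (!MessageDigest.isEqual(expected, supplied)) {
                throw new FailedLoginException("passwords do not match");
            }
        } finally {
            // Do not leave extra copies of either credential on the heap.
            Arrays.fill(expected, (byte) 0);
            Arrays.fill(supplied, (byte) 0);
        }
    }

    /**
     * Copies each char of {@code chars} into two bytes (high byte first). Unlike a charset
     * encoder this never substitutes characters, so two inputs yield equal arrays only when
     * they are char-for-char identical.
     */
    private static byte[] toBytes(CharSequence chars) {
        byte[] out = new byte[chars.length() * 2];
        for (int i = 0; i < chars.length(); i++) {
            char c = chars.charAt(i);
            out[2 * i] = (byte) (c >>> 8);
            out[2 * i + 1] = (byte) c;
        }
        return out;
    }

    /**
     * Adds the authenticated user and the realm to the subject's principals, then collects
     * the user's group and role names.
     */
    @Override
    public void setEntity() {
        this.subject.getPrincipals().add(this.user);
        this.subject.getPrincipals().add(this.realm);

        collectGroupNames();
        collectRoleNames();
    }

    /**
     * Does nothing: this module sets no ACL.
     */
    @Override
    public void setACL() {
    }

    /**
     * Registers every role name returned by {@code user.getAllRoles()}.
     */
    public void collectRoleNames() {
        for (String role : this.user.getAllRoles()) {
            addRoleName(role);
        }
    }

    /**
     * Registers every group name returned by {@code user.getAllGroups()}.
     */
    public void collectGroupNames() {
        for (String group : this.user.getAllGroups()) {
            addGroupName(group);
        }
    }

    /**
     * Returns the user resolved by {@link #initUser()}.
     */
    @Override
    public User getUser() {
        return user;
    }
}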