34 package info.magnolia.jaas.sp.jcr;
35
36 import info.magnolia.cms.security.MgnlUser;
37 import info.magnolia.cms.security.SecuritySupport;
38 import info.magnolia.cms.security.User;
39 import info.magnolia.cms.security.UserManager;
40 import info.magnolia.cms.security.auth.Entity;
41 import info.magnolia.jaas.principal.EntityImpl;
42 import info.magnolia.jaas.sp.AbstractLoginModule;
43 import info.magnolia.jaas.sp.UserAwareLoginModule;
44 import org.apache.commons.lang.StringUtils;
45
46 import javax.security.auth.login.FailedLoginException;
47 import javax.security.auth.login.LoginException;
48 import javax.security.auth.login.AccountNotFoundException;
49 import javax.security.auth.login.AccountLockedException;
50 import java.util.Iterator;
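/**
 * JAAS login module that authenticates a user against the {@link UserManager} obtained for
 * {@code this.realm} and publishes the user's identity, groups and roles on the subject.
 *
 * <p>The fields {@code name}, {@code pswd}, {@code realm} and {@code subject}, and the
 * {@code addRoleName}/{@code addGroupName} methods, are not declared in this class; they are
 * presumably inherited from {@link AbstractLoginModule} (confirm there).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@link #validateUser()} reports an unknown account, a wrong password and a disabled
 * account with three different exception types and messages. Callers should collapse these
 * into one generic failure before anything reaches the client, otherwise valid account names
 * can be told apart from invalid ones.</li>
 * <li>{@link #matchPassword()} compares the submitted password directly with the value
 * returned by {@code User.getPassword()}. NOTE(review): this only works if that value is the
 * cleartext (or a reversibly encoded) password; confirm against the {@code User}
 * implementation and consider storing a salted password hash instead.</li>
 * <li>{@link #setEntity()} copies the submitted password into the principal attached to the
 * subject.</li>
 * </ul>
 */
public class JCRAuthenticationModule extends AbstractLoginModule implements UserAwareLoginModule {

    /** User resolved by {@link #initUser()}; {@code null} until then or when the lookup found nothing. */
    protected User user;

    /**
     * Releases this module.
     *
     * @return always {@code true}; this implementation holds nothing to release
     */
    public boolean release() {
        return true;
    }

    /**
     * Checks the submitted credentials against the stored user.
     *
     * <p>The checks run in a fixed order: account lookup, password match, then the enabled
     * flag. Because the enabled flag is only inspected after the password matched, the
     * "locked" outcome is reported only to someone who already knows the password.
     *
     * @throws AccountNotFoundException if no user exists for {@code this.name}
     * @throws FailedLoginException if the stored password is empty or does not match
     * @throws AccountLockedException if the credentials are correct but the account is disabled
     * @throws LoginException declared supertype of the above
     */
    public void validateUser() throws LoginException {
        initUser();

        if (this.user == null) {
            // this.name is caller-supplied: encode it before writing this message to a log,
            // and do not echo the message to the client (it confirms the account is unknown).
            throw new AccountNotFoundException("User account " + this.name + " not found.");
        }

        matchPassword();

        if (!this.user.isEnabled()) {
            throw new AccountLockedException("User account " + this.name + " is locked.");
        }

        // Record the access time for every authenticated user except the anonymous one.
        if (!UserManager.ANONYMOUS_USER.equals(user.getName()) && user instanceof MgnlUser) {
            ((MgnlUser) user).setLastAccess();
        }
    }

    /**
     * Looks up {@code this.name} in the realm's user manager and stores the result in
     * {@link #user}.
     */
    protected void initUser() {
        user = getUserManager().getUser(name);
    }

    /**
     * Verifies that the submitted password equals the password stored for {@link #user}.
     *
     * <p>Accounts with an empty stored password are always rejected, so an empty stored value
     * can never be used to log in. A missing submitted password is treated as a mismatch
     * rather than surfacing as a {@code NullPointerException}, and the comparison itself does
     * not stop at the first differing character.
     *
     * @throws FailedLoginException if the stored password is empty, no password was
     *         submitted, or the two values differ
     * @throws LoginException declared supertype of the above
     */
    protected void matchPassword() throws LoginException {
        String serverPassword = user.getPassword();

        if (StringUtils.isEmpty(serverPassword)) {
            throw new FailedLoginException("we do not allow users with no password");
        }

        // A login attempt without any password must fail like any other mismatch.
        if (this.pswd == null) {
            throw new FailedLoginException("passwords do not match");
        }

        // NOTE(review): new String(...) leaves an extra copy of the password on the heap that
        // cannot be wiped; kept because the stored value is only available as a String.
        if (!constantTimeEquals(serverPassword, new String(this.pswd))) {
            throw new FailedLoginException("passwords do not match");
        }
    }

    /**
     * Compares two strings for exact equality without returning early on the first
     * difference, so the time taken does not reveal how many leading characters matched.
     *
     * @param expected the stored secret
     * @param supplied the value submitted by the caller
     * @return {@code true} only if both strings have the same length and content
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected.length() == 0) {
            // Avoids the modulo by zero below; an empty secret only equals an empty input.
            return supplied.length() == 0;
        }

        // Start from the length difference so strings of unequal length never compare equal.
        int diff = expected.length() ^ supplied.length();

        // The iteration count depends on the submitted value only, not on the stored secret.
        for (int i = 0; i < supplied.length(); i++) {
            diff |= expected.charAt(i % expected.length()) ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the user manager responsible for {@code this.realm}.
     *
     * @return the {@link UserManager} supplied by {@link SecuritySupport} for the realm
     */
    public UserManager getUserManager() {
        SecuritySupport securitySupport = SecuritySupport.Factory.getInstance();
        return securitySupport.getUserManager(this.realm);
    }

    /**
     * Builds the {@link Entity} principal for the authenticated user, adds it to the subject
     * and then collects the user's group and role names.
     *
     * <p>The entity carries language, name, the optional {@code title} property as full name,
     * and the submitted password.
     */
    public void setEntity() {
        EntityImpl entity = new EntityImpl();
        entity.addProperty(Entity.LANGUAGE, this.user.getLanguage());
        entity.addProperty(Entity.NAME, this.user.getName());

        String fullName = this.user.getProperty("title");
        if (fullName != null) {
            entity.addProperty(Entity.FULL_NAME, fullName);
        }

        // SECURITY: the cleartext password is stored on a principal of the subject, so it
        // stays readable for as long as the subject is referenced and is exposed to any code
        // that can enumerate the principals or serialize them. Left in place because readers
        // of Entity.PASSWORD may exist outside this file; audit those readers and drop this
        // property if none of them needs the credential.
        entity.addProperty(Entity.PASSWORD, new String(this.pswd));
        this.subject.getPrincipals().add(entity);

        collectGroupNames();
        collectRoleNames();
    }

    /**
     * Intentionally empty: this module sets no ACL.
     */
    public void setACL() {
    }

    /**
     * Passes every role name returned by {@code user.getAllRoles()} to {@code addRoleName}.
     */
    public void collectRoleNames() {
        for (Iterator iter = this.user.getAllRoles().iterator(); iter.hasNext();) {
            addRoleName((String) iter.next());
        }
    }

    /**
     * Passes every group name returned by {@code user.getAllGroups()} to {@code addGroupName}.
     */
    public void collectGroupNames() {
        for (Iterator iter = this.user.getAllGroups().iterator(); iter.hasNext();) {
            addGroupName((String) iter.next());
        }
    }

    /**
     * Returns the user resolved during validation.
     *
     * @return the current {@link User}, or {@code null} if none has been resolved
     */
    public User getUser() {
        return user;
    }

}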