1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
37 import info.magnolia.cms.security.auth.login.LoginResult;
38
39 import javax.security.auth.Subject;
40 import javax.security.auth.login.LoginContext;
41 import javax.security.auth.login.LoginException;
42
43 import org.apache.commons.lang.StringUtils;
44 import org.slf4j.Logger;
45 import org.slf4j.LoggerFactory;
46
47
48
49
50
51
52
53 public abstract class SecuritySupportBase implements SecuritySupport {
54 private static final Logger log = LoggerFactory.getLogger(SecuritySupportBase.class);
55
56 public static final String DEFAULT_JAAS_LOGIN_CHAIN = "magnolia";
57
58 @Override
59 public LoginResult authenticate(CredentialsCallbackHandler callbackHandler, String customLoginModule) {
60 Subject subject;
61 try {
62 LoginContext loginContext = createLoginContext(callbackHandler, customLoginModule);
63 loginContext.login();
64 subject = loginContext.getSubject();
65
66 return new LoginResult(LoginResult.STATUS_SUCCEEDED, subject);
67 }
68 catch (LoginException e) {
69 logLoginException(e);
70 return new LoginResult(LoginResult.STATUS_FAILED, e);
71 }
72 }
73
74
75
76
77
78
79 private void logLoginException(LoginException e) {
80 if (e.getClass().equals(LoginException.class)) {
81 log.error("Can't login due to: ", e);
82 } else {
83
84 log.debug("Can't login due to: ", e);
85 }
86 }
87
88 protected static LoginContext createLoginContext(CredentialsCallbackHandler callbackHandler, String customLoginModule) throws LoginException {
89 final String loginContextName = StringUtils.defaultString(customLoginModule, DEFAULT_JAAS_LOGIN_CHAIN);
90 return new LoginContext(loginContextName, callbackHandler);
91 }
92
93 }