
1   /**
2    * 
3    */
4   package de.tivsource.page.admin.security;
5   
6   
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.persistence.NoResultException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import de.tivsource.page.dao.administration.UserDaoLocal;
import de.tivsource.page.entity.administration.Role;
import de.tivsource.page.entity.administration.User;
import de.tivsource.page.valve.security.RemoteAddressThreadLocal;
31  
32  /**
33   * @author Marc Michele
34   *
35   */
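public class AdminLoginModule implements LoginModule {

    /** Audit logger; the logger name is shared with the rest of the authentication stack. */
    private static final Logger LOGGER = LogManager.getLogger("AuthLogger");

    /** JNDI name under which the user DAO session bean is looked up. */
    private static final String USER_DAO_JNDI_NAME = "java:global/tiv-page/dao-0.0.1/UserDao";

    private CallbackHandler handler;
    private Subject subject;
    /** Authenticated user; {@code null} until {@link #login()} has succeeded. */
    private User userPrincipal;
    /** Role principals added to the subject by {@link #commit()}; removed again by {@link #logout()}. */
    private List<Role> rolePrincipals;

    /**
     * Stores the subject and callback handler for the login sequence; {@code sharedState} and
     * {@code options} are not used by this module.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = callbackHandler;
        this.userPrincipal = null;
        this.rolePrincipals = null;
    }

    /**
     * Collects a user name and password through the callback handler and checks them against
     * the user record returned by the DAO.
     *
     * @return {@code true} when the credentials match a database user
     * @throws LoginException when the credentials are missing or wrong, or when the callback
     *         handler, the JNDI lookup or the DAO fails; the underlying exception is attached as
     *         the cause
     */
    @Override
    public boolean login() throws LoginException {
        if (handler == null) {
            throw new LoginException("Authentication failed (no CallbackHandler configured)");
        }
        NameCallback nameCallback = new NameCallback("login");
        PasswordCallback passwordCallback = new PasswordCallback("password", true);
        Callback[] callbacks = { nameCallback, passwordCallback };

        char[] password = null;
        try {
            handler.handle(callbacks);
            String name = nameCallback.getName();
            password = passwordCallback.getPassword();

            // Both values must be present before touching the database.
            if (name != null && password != null) {
                User dbUser = lookupUser(name);

                // A user was found and the supplied credentials match the stored ones.
                if (dbUser != null
                        && name.equals(dbUser.getName())
                        && credentialsMatch(password, dbUser.getPassword())) {
                    LOGGER.info("Login ok - "
                            + "Auth-User: " + dbUser.getUsername()
                            + " - "
                            + "IP-Adresse: " + RemoteAddressThreadLocal.getKey());
                    userPrincipal = dbUser;
                    return true;
                }
            }

            logFailure(name, null);
            // Credentials are NOT OK: signal failure to the LoginContext.
            throw new LoginException("Authentication failed");
        } catch (UnsupportedCallbackException e) {
            logFailure(nameCallback.getName(), e);
            throw loginFailure("Authentication failed (UnsupportedCallbackException)", e);
        } catch (NamingException e) {
            logFailure(nameCallback.getName(), e);
            throw loginFailure("Authentication failed (NamingException)", e);
        } catch (NoResultException e) {
            logFailure(nameCallback.getName(), e);
            throw loginFailure("Authentication failed (NoResultException)", e);
        } catch (IOException e) {
            logFailure(nameCallback.getName(), e);
            throw loginFailure("Authentication failed (IOException)", e);
        } finally {
            // Do not leave the cleartext password in the callback or in our local copy.
            passwordCallback.clearPassword();
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Adds the authenticated user and its roles to the subject.
     *
     * @return {@code true} when principals were added, {@code false} when this module's
     *         {@link #login()} did not succeed and it should be ignored
     */
    @Override
    public boolean commit() throws LoginException {
        if (userPrincipal == null) {
            return false;
        }
        subject.getPrincipals().add(userPrincipal);
        rolePrincipals = userPrincipal.getRoles();
        if (rolePrincipals != null) {
            subject.getPrincipals().addAll(rolePrincipals);
        }
        return true;
    }

    /**
     * Discards the state gathered by {@link #login()} because the overall authentication failed.
     *
     * @return {@code true} when this module had a pending successful login that was discarded,
     *         {@code false} when it should be ignored
     */
    @Override
    public boolean abort() throws LoginException {
        boolean hadPendingLogin = userPrincipal != null;
        clearState();
        return hadPendingLogin;
    }

    /**
     * Removes the user principal and every role principal added by {@link #commit()} from the
     * subject.
     */
    @Override
    public boolean logout() throws LoginException {
        if (subject != null) {
            if (userPrincipal != null) {
                subject.getPrincipals().remove(userPrincipal);
            }
            // Each role was added individually, so each one must be removed individually.
            if (rolePrincipals != null) {
                subject.getPrincipals().removeAll(rolePrincipals);
            }
        }
        clearState();
        return true;
    }

    /** Looks up the user DAO via JNDI and fetches the record for {@code name}. */
    private static User lookupUser(String name) throws NamingException {
        Context initialContext = new InitialContext();
        UserDaoLocal userDaoLocal = (UserDaoLocal) initialContext.lookup(USER_DAO_JNDI_NAME);
        return userDaoLocal.findByUsername(name);
    }

    /**
     * Compares the supplied password with the value stored on the user record in constant time,
     * so that the comparison does not leak how many leading characters matched.
     *
     * NOTE(review): this compares the callback value directly with {@code User.getPassword()},
     * exactly as before; whether that stored value is a hash or a cleartext password cannot be
     * seen here — confirm against the entity and hash before comparing if it is cleartext.
     */
    private static boolean credentialsMatch(char[] supplied, String stored) {
        if (stored == null) {
            return false;
        }
        byte[] suppliedBytes = new String(supplied).getBytes(StandardCharsets.UTF_8);
        byte[] storedBytes = stored.getBytes(StandardCharsets.UTF_8);
        try {
            return MessageDigest.isEqual(suppliedBytes, storedBytes);
        } finally {
            Arrays.fill(suppliedBytes, (byte) 0);
            Arrays.fill(storedBytes, (byte) 0);
        }
    }

    /**
     * Writes the audit entry for a failed login. The supplied password is deliberately not
     * logged: the audit log must never contain credentials.
     */
    private static void logFailure(String name, Exception cause) {
        LOGGER.info("Login failed - "
                + "Auth-User: " + name + " - "
                + "IP-Adresse: " + RemoteAddressThreadLocal.getKey()
                + (cause == null ? "" : " - Cause: " + cause.getClass().getSimpleName()));
    }

    /** Builds a {@link LoginException} that keeps the triggering exception as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Forgets the authenticated user and its roles. */
    private void clearState() {
        userPrincipal = null;
        rolePrincipals = null;
    }

}// Ende class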