2 * Copyright 2005, 2008, 2009 Electronic Business Systems Ltd.
\r
4 * This file is part of GSS.
\r
6 * GSS is free software: you can redistribute it and/or modify
\r
7 * it under the terms of the GNU General Public License as published by
\r
8 * the Free Software Foundation, either version 3 of the License, or
\r
9 * (at your option) any later version.
\r
11 * GSS is distributed in the hope that it will be useful,
\r
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
\r
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\r
14 * GNU General Public License for more details.
\r
16 * You should have received a copy of the GNU General Public License
\r
17 * along with GSS. If not, see <http://www.gnu.org/licenses/>.
\r
19 package gr.ebs.gss.server.webdav.login;
\r
21 import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;
\r
22 import gr.ebs.gss.client.exceptions.RpcException;
\r
23 import gr.ebs.gss.server.domain.User;
\r
24 import gr.ebs.gss.server.ejb.ExternalAPI;
\r
25 import gr.ebs.gss.server.ejb.TransactionHelper;
\r
27 import java.io.UnsupportedEncodingException;
\r
28 import java.security.Principal;
\r
29 import java.security.acl.Group;
\r
30 import java.util.Date;
\r
31 import java.util.HashSet;
\r
32 import java.util.concurrent.Callable;
\r
34 import javax.naming.Context;
\r
35 import javax.naming.InitialContext;
\r
36 import javax.naming.NamingException;
\r
37 import javax.rmi.PortableRemoteObject;
\r
38 import javax.security.auth.login.FailedLoginException;
\r
39 import javax.security.auth.login.LoginException;
\r
41 import org.apache.commons.codec.binary.Base64;
\r
42 import org.apache.commons.logging.Log;
\r
43 import org.apache.commons.logging.LogFactory;
\r
44 import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
\r
48 * The custom login module for the GSS WebDAV implementation.
\r
50 public class GssWebDAVLoginModule extends UsernamePasswordLoginModule {
\r
53 * Logger for this class
\r
55 private static final Log logger = LogFactory.getLog(GssWebDAVLoginModule.class);
\r
58 * A helper method that retrieves a reference to the ExternalAPI bean and
\r
59 * stores it for future use.
\r
61 * @return an ExternalAPI instance
\r
62 * @throws RpcException in case an error occurs
\r
64 private ExternalAPI getService() throws RpcException {
\r
66 final Context ctx = new InitialContext();
\r
67 final Object ref = ctx.lookup(getConfiguration().getString("externalApiPath"));
\r
68 return (ExternalAPI) PortableRemoteObject.narrow(ref, ExternalAPI.class);
\r
69 } catch (final NamingException e) {
\r
70 logger.error("Unable to retrieve the ExternalAPI EJB", e);
\r
71 throw new RpcException("An error occurred while contacting the naming service");
\r
76 protected String getUsersPassword() throws LoginException {
\r
77 String username = getUsername();
\r
79 final User user = getService().findUser(username);
\r
80 if (user == null) throw new FailedLoginException("User '" + username + "' not found.");
\r
81 if (!user.isActive()) throw new FailedLoginException("User '" + username + "' is disabled.");
\r
82 if (user.getWebDAVPassword() != null && user.getWebDAVPassword().length() > 0)
\r
83 return user.getWebDAVPassword();
\r
84 // If no password has ever been generated, use token instead
\r
85 String tokenEncoded = new String(Base64.encodeBase64(user.getAuthToken()), "US-ASCII");
\r
86 user.setWebDAVPassword(tokenEncoded);
\r
87 new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
\r
89 public Void call() throws Exception {
\r
90 getService().updateUser(user);
\r
94 return tokenEncoded;
\r
95 } catch (RpcException e) {
\r
96 String error = "An error occurred while communicating with the service";
\r
97 logger.error(error, e);
\r
98 throw new LoginException(e.getMessage());
\r
99 } catch (UnsupportedEncodingException e) {
\r
100 logger.error("", e);
\r
101 throw new LoginException(e.getMessage());
\r
102 } catch (Exception e) {
\r
103 logger.error("", e);
\r
104 throw new LoginException(e.getMessage());
\r
109 * Overrides parent's implementation by returning only the simpleUser
\r
110 * role for any successful login.
\r
112 * @return Group[] that contains only the authenticatedUser group (role)
\r
113 * @throws LoginException
\r
114 * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
\r
117 protected Group[] getRoleSets() throws LoginException {
\r
118 Principal principal;
\r
120 principal = createIdentity("simpleUser");
\r
121 } catch (Exception e) {
\r
122 logger.error("", e);
\r
123 throw new LoginException(e.getMessage());
\r
125 Group rolesGroup = null;
\r
126 rolesGroup = createGroup("Roles", new HashSet());
\r
127 rolesGroup.addMember(principal);
\r
128 Group[] roles = new Group[1];
\r
129 roles[0] = rolesGroup;
\r
130 // Update the last login.
\r
132 new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
\r
134 public Void call() throws Exception {
\r
135 User user = getService().findUser(getUsername());
\r
136 user.setLastLogin(new Date());
\r
137 getService().updateUser(user);
\r
141 } catch (Exception e) {
\r
142 logger.error("", e);
\r
143 throw new LoginException(e.getMessage());
\r