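package org.dcache.webadmin.controller.impl;

import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.security.auth.Subject;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import diskCacheV111.util.CacheException;

import org.dcache.auth.LoginReply;
import org.dcache.auth.LoginStrategy;
import org.dcache.auth.PasswordCredential;
import org.dcache.auth.Subjects;
import org.dcache.util.CertificateFactories;
import org.dcache.webadmin.controller.LogInService;
import org.dcache.webadmin.controller.exceptions.LogInServiceException;
import org.dcache.webadmin.view.beans.UserBean;
import org.dcache.webadmin.view.util.Role;

import static java.util.Arrays.asList;

/**
 * {@link LogInService} that delegates authentication to a dCache
 * {@link LoginStrategy} and maps the resulting {@link LoginReply} onto a
 * {@link UserBean} carrying web-admin {@link Roles}.
 *
 * <p>Role assignment is gid based: a subject whose gids contain the
 * configured admin gid is given {@link Role#ADMIN} (and only that role);
 * every other subject is given {@link Role#USER}.
 *
 * <p>The admin gid field has the Java default of {@code 0} until
 * {@link #setAdminGid(int)} is called, so a deployment that never sets it
 * would treat members of gid 0 as administrators. Deployers should
 * configure the admin gid explicitly; the setter logs the value at debug
 * level to make the effective configuration visible.
 *
 * @author jans
 */
public class LoginStrategyLogInService implements LogInService {

    // Logger is keyed on the interface type, not this class; existing log
    // configuration may filter on that category, so it is kept as is.
    private static final Logger _log =
            LoggerFactory.getLogger(LogInService.class);

    private LoginStrategy _loginStrategy;
    private int _adminGid;
    private final CertificateFactory _cf;

    public LoginStrategyLogInService() {
        this._cf = CertificateFactories.newX509CertificateFactory();
    }

    /**
     * Authenticates a user by username and password.
     *
     * <p>The password is handed to {@link PasswordCredential} as a
     * {@link String}, so the caller's {@code char[]} cannot be the only
     * copy of the secret; this is dictated by the credential API.
     *
     * @param username the login name, must not be {@code null}
     * @param password the password, must not be {@code null}
     * @return the authenticated user with mapped roles
     * @throws LogInServiceException if either argument is missing or the
     *         login strategy rejects or fails the login
     */
    @Override
    public UserBean authenticate(String username, char[] password)
            throws LogInServiceException {
        if (username == null || password == null) {
            throw new LogInServiceException(
                    "Username and password are required");
        }
        Subject subject = new Subject();
        PasswordCredential pass =
                new PasswordCredential(username, String.valueOf(password));
        subject.getPrivateCredentials().add(pass);
        return authenticate(subject);
    }

    /**
     * Authenticates a user by X.509 certificate chain.
     *
     * <p>The chain is converted to a {@code CertPath} public credential and
     * passed to the login strategy; any validation of the chain itself is
     * the strategy's responsibility.
     *
     * @param certChain the client certificate chain, leaf first;
     *        must be non-{@code null} and non-empty
     * @return the authenticated user with mapped roles
     * @throws LogInServiceException if no chain was supplied, the chain
     *         cannot be turned into a certificate path, or the login
     *         strategy rejects or fails the login
     */
    @Override
    public UserBean authenticate(X509Certificate[] certChain)
            throws LogInServiceException {
        if (certChain == null || certChain.length == 0) {
            throw new LogInServiceException(
                    "No client certificate chain was supplied");
        }
        try {
            Subject subject = new Subject();
            subject.getPublicCredentials()
                    .add(_cf.generateCertPath(asList(certChain)));
            return authenticate(subject);
        } catch (CertificateException e) {
            throw new LogInServiceException(
                    "Failed to generate X.509 certificate path: "
                            + e.getMessage(), e);
        }
    }

    /**
     * Authenticates a subject carrying already attached credentials.
     *
     * @param subject the subject whose credentials are to be verified
     * @return the authenticated user with mapped roles
     * @throws LogInServiceException if the login strategy throws a
     *         {@link CacheException}, or returns no reply
     */
    public UserBean authenticate(Subject subject)
            throws LogInServiceException {
        LoginReply login;
        try {
            login = _loginStrategy.login(subject);
        } catch (CacheException ex) {
            throw new LogInServiceException(ex.getMessage(), ex);
        }
        // A missing reply is a failed login from the caller's point of view,
        // so report it through the declared exception rather than an NPE.
        if (login == null) {
            throw new LogInServiceException(
                    "Login strategy returned no reply");
        }
        return mapLoginToUser(login);
    }

    /** Builds the web-admin user view from a successful login reply. */
    private UserBean mapLoginToUser(LoginReply login) {
        UserBean user = new UserBean();
        Subject subject = login.getSubject();
        user.setUsername(Subjects.getUserName(subject));
        Roles roles = mapGidsToRoles(Subjects.getGids(subject));
        user.setRoles(roles);
        return user;
    }

    /**
     * Maps the subject's gids onto web-admin roles.
     *
     * <p>Membership of the configured admin gid yields {@link Role#ADMIN}
     * only; anything else (including no gids at all) yields
     * {@link Role#USER}.
     *
     * @param gids the subject's gids; {@code null} is treated as empty
     */
    private Roles mapGidsToRoles(long[] gids) {
        Roles roles = new Roles();
        boolean isAdmin = false;
        if (gids != null) {
            for (long gid : gids) {
                _log.debug("GID : {}", gid);
                if (gid == _adminGid) {
                    roles.add(Role.ADMIN);
                    isAdmin = true;
                }
            }
        }
        if (!isAdmin) {
            roles.add(Role.USER);
        }
        return roles;
    }

    /**
     * Sets the strategy that performs the actual login.
     *
     * @throws IllegalArgumentException if {@code loginStrategy} is
     *         {@code null}
     */
    public void setLoginStrategy(LoginStrategy loginStrategy) {
        if (loginStrategy == null) {
            throw new IllegalArgumentException(
                    "loginStrategy must not be null");
        }
        _loginStrategy = loginStrategy;
    }

    /**
     * Sets the gid whose members are granted {@link Role#ADMIN}.
     *
     * @param adminGid the administrators' group id
     */
    public void setAdminGid(int adminGid) {
        _log.debug("admin GID set to {}", adminGid);
        _adminGid = adminGid;
    }
}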