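/**
 * Copyright (c) 2009 Juwi MacMillan Group GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package de.juwimm.cms.cocoon.generation;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

import org.apache.avalon.framework.component.ComponentManager;
import org.apache.avalon.framework.component.Composable;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.cocoon.ProcessingException;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.cocoon.generation.AbstractGenerator;
import org.apache.cocoon.webapps.session.ContextManager;
import org.apache.log4j.Logger;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;

/**
 * <p>Title: ConQuest</p>
 * <p>Description: Enterprise Content Management</p>
 * <p>Copyright: Copyright (c) 2004</p>
 *
 * <p>Cocoon generator that authenticates the credentials handed in as sitemap
 * parameters ({@code username}, {@code password}) against a JAAS realm
 * ({@code jaasRealm}, defaulting to {@link #DEFAULT_JAAS_REALM}) and emits the
 * outcome as XML:</p>
 * <pre>
 *   &lt;authentication&gt;
 *     &lt;ID&gt;principal name&lt;/ID&gt;
 *     &lt;role&gt;role name&lt;/role&gt;          (one per member of the "Roles" group)
 *     &lt;data&gt;&lt;user&gt;principal name&lt;/user&gt;&lt;/data&gt;
 *   &lt;/authentication&gt;
 * </pre>
 * <p>When the login fails, only the empty {@code <authentication/>} element is
 * written, so consumers must treat a missing {@code ID} as "not authenticated".</p>
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>The credentials are kept in instance fields between {@link #setup} and
 *       {@link #generate}. Cocoon may pool and reuse generator instances, so
 *       {@link #recycle()} wipes them (and the realm) after each request; the realm
 *       is additionally reset in {@link #setup} so a realm chosen by an earlier
 *       request can never be applied to a later one that did not pass one.</li>
 *   <li>The password is never logged; only the user name appears in log output.</li>
 *   <li>The sitemap parameters are assumed to originate from the request (i.e. they
 *       are untrusted); they are only ever passed to the JAAS login module via the
 *       callback handler, never interpreted here.</li>
 * </ul>
 * <p>NOTE(review): {@code java.security.acl.Group} is deprecated in newer JDKs;
 * it is retained because the login modules in use presumably still expose roles
 * through it — confirm before upgrading the runtime.</p>
 *
 * @author <a href="sascha.kulawik@juwimm.com">Sascha-Matthias Kulawik</a>
 * @version $Id$
 */
public class PortalJaasSecurityGenerator extends AbstractGenerator implements Composable {
	private static final Logger log = Logger.getLogger(PortalJaasSecurityGenerator.class);

	/** Realm used when the sitemap passes no (or an empty) {@code jaasRealm} parameter. */
	private static final String DEFAULT_JAAS_REALM = "juwimm-cms-security-domain";

	/** Name of the session context that is discarded before each login attempt. */
	private static final String AUTHENTICATION_CONTEXT = "authentication";

	/** Name of the principal that carries the roles as a {@link Group}. */
	private static final String ROLES_PRINCIPAL = "Roles";

	// Request-scoped state; cleared in recycle().
	private String userid = "";
	private String password = "";
	private String jaasRealm = DEFAULT_JAAS_REALM;
	private ComponentManager manager = null;

	/**
	 * Avalon lifecycle: receives the component manager used to look up the
	 * session {@link ContextManager}.
	 *
	 * @param manager the container's component manager
	 */
	public void compose(ComponentManager manager) {
		this.manager = manager;
	}

	/**
	 * Reads the login parameters for this request and discards any stale
	 * "authentication" session context.
	 *
	 * @param resolver    Cocoon source resolver (passed through to the superclass)
	 * @param objectModel Cocoon object model (passed through to the superclass)
	 * @param src         sitemap {@code src} attribute (unused here)
	 * @param par         sitemap parameters; {@code username}, {@code password} and
	 *                    optionally {@code jaasRealm} are read
	 * @throws ProcessingException if the superclass setup fails. The original code
	 *                             created this exception without throwing it, which
	 *                             let a broken setup continue into a login attempt with
	 *                             uninitialised credentials.
	 */
	@Override
	public void setup(SourceResolver resolver, Map objectModel, String src, Parameters par) throws ProcessingException {
		if (log.isDebugEnabled()) log.debug("begin setup");
		try {
			super.setup(resolver, objectModel, src, par);
		} catch (ProcessingException pe) {
			throw pe;
		} catch (Exception ex) {
			throw new ProcessingException(ex.getMessage(), ex);
		}
		dropAuthenticationContext();
		userid = par.getParameter("username", null);
		password = par.getParameter("password", null);
		// Reset first: a realm selected by a previous request on a reused instance
		// must not silently apply to this one.
		jaasRealm = DEFAULT_JAAS_REALM;
		String realmParam = par.getParameter("jaasRealm", null);
		if (realmParam != null && realmParam.length() > 0) {
			jaasRealm = realmParam;
		}
		if (log.isDebugEnabled()) log.debug("trying to login as " + userid + " on the webpage");
		if (log.isDebugEnabled()) log.debug("end setup");
	}

	/**
	 * Best-effort removal of the "authentication" session context, so that a
	 * previous login cannot survive a new attempt. Failures (no session, context
	 * not present, manager unavailable) are logged at debug level and otherwise
	 * ignored, as in the original code. The looked-up component is always released.
	 */
	private void dropAuthenticationContext() {
		ContextManager cm = null;
		try {
			cm = (ContextManager) this.manager.lookup(ContextManager.ROLE);
			if (cm.hasSessionContext()) {
				cm.deleteContext(AUTHENTICATION_CONTEXT);
			}
		} catch (Exception exe) {
			if (log.isDebugEnabled()) log.debug("could not drop authentication context", exe);
		} finally {
			if (cm != null) {
				this.manager.release(cm);
			}
		}
	}

	/**
	 * Clears the request-scoped state so the credentials do not outlive the
	 * request when the container reuses this instance.
	 */
	@Override
	public void recycle() {
		userid = "";
		password = "";
		jaasRealm = DEFAULT_JAAS_REALM;
		super.recycle();
	}

	/**
	 * Writes {@code <nodeName>text</nodeName>} to the content handler.
	 *
	 * @param nodeName element name (used as both local and qualified name, no namespace)
	 * @param text     element text; {@code null} is written as an empty element rather
	 *                 than failing the whole login output
	 * @throws SAXException if the downstream pipeline rejects the events
	 */
	public void addTextNode(String nodeName, String text) throws SAXException {
		String value = (text == null) ? "" : text;
		contentHandler.startElement("", nodeName, nodeName, new AttributesImpl());
		contentHandler.characters(value.toCharArray(), 0, value.length());
		contentHandler.endElement("", nodeName, nodeName);
	}

	/**
	 * Performs the JAAS login and emits the {@code <authentication>} element.
	 * A failed login (bad credentials, unknown realm, unexpected error) yields an
	 * empty element and a warning; a SAX failure is propagated, since it is a
	 * pipeline problem rather than a login outcome.
	 *
	 * @throws SAXException        if the downstream pipeline rejects the events
	 * @throws ProcessingException declared for interface compatibility
	 */
	public void generate() throws SAXException, ProcessingException {
		if (log.isDebugEnabled()) log.debug("begin generate");
		contentHandler.startElement("", AUTHENTICATION_CONTEXT, AUTHENTICATION_CONTEXT, new AttributesImpl());
		try {
			LoginContext lc = new LoginContext(jaasRealm, new InternalCallbackHandler());
			lc.login();
			String principal;
			List<String> roles = new ArrayList<String>();
			try {
				principal = collectPrincipalAndRoles(lc.getSubject(), roles);
			} finally {
				// Always log out once logged in, even if the subject is not in the expected shape.
				lc.logout();
			}
			writeResult(principal, roles);
		} catch (SAXException saxe) {
			throw saxe;
		} catch (Exception exe) {
			// LoginException and anything unexpected: no ID is written, the consumer treats it as "not authenticated".
			log.warn("Could not login user \"" + userid + "\": " + exe.getMessage());
			if (log.isDebugEnabled()) log.debug("login failure details", exe);
		} finally {
			contentHandler.endElement("", AUTHENTICATION_CONTEXT, AUTHENTICATION_CONTEXT);
			if (log.isDebugEnabled()) log.debug("end generate");
		}
	}

	/**
	 * Extracts the user principal and the role names from the authenticated subject.
	 * Members of a {@link Group} principal named "Roles" become roles; every other
	 * principal name is taken as the user ID (the last one wins when several are
	 * present, as in the original code).
	 *
	 * @param subject the subject returned by the login context
	 * @param roles   receives the role names, in enumeration order
	 * @return the user principal name, or {@code ""} if the subject had none
	 */
	private String collectPrincipalAndRoles(Subject subject, List<String> roles) {
		if (log.isDebugEnabled()) log.debug("Subject is: " + subject.getPrincipals().toString());
		String principal = "";
		for (Principal prp : subject.getPrincipals(Principal.class)) {
			// instanceof first: a non-Group principal that happens to be called "Roles"
			// must not blow up with a ClassCastException.
			if (prp instanceof Group && ROLES_PRINCIPAL.equalsIgnoreCase(prp.getName())) {
				Enumeration<? extends Principal> members = ((Group) prp).members();
				while (members.hasMoreElements()) {
					roles.add(members.nextElement().getName());
				}
			} else {
				principal = prp.getName();
			}
		}
		return principal;
	}

	/**
	 * Emits the ID, role and data elements for a successful login.
	 *
	 * @param principal user principal name
	 * @param roles     role names, one {@code <role>} element each
	 * @throws SAXException if the downstream pipeline rejects the events
	 */
	private void writeResult(String principal, List<String> roles) throws SAXException {
		addTextNode("ID", principal);
		for (String role : roles) {
			addTextNode("role", role);
		}
		contentHandler.startElement("", "data", "data", new AttributesImpl());
		addTextNode("user", principal);
		contentHandler.endElement("", "data", "data");
	}

	/**
	 * Callback Handler: answers the login module's name and password callbacks
	 * from the request-scoped fields. Callback types other than these two are
	 * left unanswered rather than rejected, as in the original code.
	 *
	 * @author <a href="sascha.kulawik@juwimm.com">Sascha-Matthias Kulawik</a>
	 * @version $Id$
	 */
	private class InternalCallbackHandler implements CallbackHandler {
		public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
			for (Callback cb : callbacks) {
				if (cb instanceof NameCallback) {
					((NameCallback) cb).setName(userid);
				} else if (cb instanceof PasswordCallback) {
					// A missing password reaches the login module as "no password"
					// instead of failing with a NullPointerException here.
					((PasswordCallback) cb).setPassword(password == null ? null : password.toCharArray());
				}
			}
		}
	}
}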