/**
* Copyright (c) 2011-2014, OpenIoT
*
* This library is free software; you can redistribute it and/or
* modify it either under the terms of the GNU Lesser General Public
* License version 2.1 as published by the Free Software Foundation
* (the "LGPL"). If you do not alter this
* notice, a recipient may use your version of this file under the LGPL.
*
* You should have received a copy of the LGPL along with this library
* in the file COPYING-LGPL-2.1; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY
* OF ANY KIND, either express or implied. See the LGPL for
* the specific language governing rights and limitations.
*
* Contact: OpenIoT mailto: info@openiot.eu
*/
package org.openiot.security.client;
import io.buji.pac4j.ClientToken;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.openiot.commons.util.PropertyManagement;
import org.openiot.security.client.rest.CasOAuthWrapperClientRest;
import org.openiot.security.client.rest.OAuthCredentialsRest;
import org.pac4j.oauth.client.BaseOAuth20Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
 * REST variant of {@link AccessControlUtil}: configures Shiro from a module-specific
 * {@code rest-client-<module>.ini} (or the class-path {@code rest-client.ini}) and
 * logs a user in with a username/password pair instead of a browser redirect.
 *
 * @author Mehdi Riahi
 */
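class AccessControlUtilRest extends AccessControlUtil {

    private static final Logger logger = LoggerFactory.getLogger(AccessControlUtilRest.class);

    /** Name of the bean in the ini file that holds the CAS OAuth wrapper client. */
    private static final String CAS_OAUTH_CLIENT_BEAN = "casOauthClient";

    /** Ini resource used when no module-specific ini file can be found. */
    private static final String DEFAULT_INI_RESOURCE = "classpath:rest-client.ini";

    /**
     * Creates a utility with no module name: the class-path {@code rest-client.ini}
     * is used and no module-specific key/secret is applied.
     */
    AccessControlUtilRest() {
        this(null);
    }

    /**
     * Creates a utility for the given module, looking for the module-specific ini
     * file in the directory named by the {@code jboss.server.config.dir} system
     * property.
     *
     * @param moduleName module name used to derive the ini file name and the
     *        {@code casOauthClient.key.<module>} / {@code casOauthClient.secret.<module>}
     *        property names; may be {@code null}
     */
    AccessControlUtilRest(String moduleName) {
        this(moduleName, System.getProperty("jboss.server.config.dir"));
    }

    /**
     * Creates a utility for the given module and configuration directory.
     *
     * <p>When {@code moduleName} is non-null, {@code <configDir>/rest-client-<moduleName>.ini}
     * is used as the Shiro ini file (if it exists) and the client key/secret are read
     * from the global properties. Otherwise, or when that file is missing, the
     * class-path {@code rest-client.ini} is used. The resulting {@link SecurityManager}
     * is installed globally via {@link SecurityUtils#setSecurityManager}.
     *
     * @param moduleName module name, or {@code null} for the default configuration
     * @param configDir directory holding the module ini file; ignored when {@code null}
     * @throws IllegalStateException if a key and secret are configured for the module
     *         but the ini file defines no {@code casOauthClient} bean of the expected type
     */
    AccessControlUtilRest(String moduleName, String configDir) {
        String key = null;
        String secret = null;
        IniSecurityManagerFactory factory = null;
        if (moduleName != null) {
            factory = moduleIniFactory(moduleName, configDir);
            PropertyManagement props = new PropertyManagement();
            key = props.getProperty("casOauthClient.key." + moduleName, null);
            secret = props.getProperty("casOauthClient.secret." + moduleName, null);
        }
        if (factory == null) {
            logger.info("Falling back to the rest-client.ini in the class path");
            factory = new IniSecurityManagerFactory(DEFAULT_INI_RESOURCE);
        }
        // getInstance() must run before the beans are inspected below.
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        if (key != null && secret != null) {
            Object bean = factory.getBeans().get(CAS_OAUTH_CLIENT_BEAN);
            // A missing or mistyped bean used to surface as a bare NPE/CCE; name the
            // misconfiguration explicitly instead.
            if (!(bean instanceof CasOAuthWrapperClientRest)) {
                throw new IllegalStateException("Bean '" + CAS_OAUTH_CLIENT_BEAN
                        + "' of type CasOAuthWrapperClientRest is not defined in the ini configuration for module "
                        + moduleName);
            }
            CasOAuthWrapperClientRest client = (CasOAuthWrapperClientRest) bean;
            client.setKey(key);
            client.setSecret(secret);
        } else if (moduleName != null) {
            logger.warn("casOauthClient.key.{} or/and casOauthClient.secret.{} is not set in the global properties file", moduleName, moduleName);
        }
    }

    /**
     * Builds a factory for the module-specific ini file, or returns {@code null} when
     * {@code configDir} is {@code null} or the file does not exist (or is a directory).
     *
     * @param moduleName non-null module name, embedded in the ini file name
     * @param configDir directory that should contain the ini file; may be {@code null}
     * @return the factory, or {@code null} if the module ini file is unavailable
     */
    private static IniSecurityManagerFactory moduleIniFactory(String moduleName, String configDir) {
        if (configDir == null) {
            return null;
        }
        // NOTE(review): moduleName becomes part of a file name under configDir; it is
        // expected to be a fixed module id supplied by the deployment, not user input — confirm at callers.
        String iniFilePath = configDir + "/rest-client-" + moduleName + ".ini";
        Path path = Paths.get(iniFilePath);
        if (!Files.exists(path) || Files.isDirectory(path)) {
            logger.warn("The configuration file {} is not found.", iniFilePath);
            return null;
        }
        return new IniSecurityManagerFactory("file:" + iniFilePath);
    }

    /**
     * Logs the user in through the configured OAuth client with a username/password
     * pair and returns the resulting authorization credentials.
     *
     * @param username user name to authenticate
     * @param password password for that user
     * @return the credentials obtained after a successful login
     * @throws org.apache.shiro.authc.AuthenticationException if Shiro rejects the token
     */
    public OAuthorizationCredentials login(String username, String password) {
        BaseOAuth20Client<?> client = getClient();
        OAuthCredentialsRest credentials = new OAuthCredentialsRest(username, password, client.getName(), client.getKey(), client.getSecret());
        ClientToken token = new ClientToken(client.getName(), credentials);
        Subject subject = SecurityUtils.getSubject();
        logger.debug("Logging in by username {}", username);
        subject.login(token);
        OAuthorizationCredentials oauthCredentials = getOAuthorizationCredentials();
        // Only confirm success here: the credentials object may carry the issued
        // token/secret, and those must not be written to log files.
        logger.debug("Logged in by username {}", username);
        return oauthCredentials;
    }

    /**
     * Logs the current subject out if it is authenticated and then clears this
     * utility's state via the superclass {@code reset()}.
     */
    public void logout() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        reset();
    }

    /**
     * Intentionally a no-op: this REST variant authenticates with
     * {@link #login(String, String)} rather than by redirecting a browser.
     */
    @Override
    public void redirectToLogin(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Do nothing
    }
}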