• Home
• org.apache.jackrabbit
• oak-core
• 1.0.3
• source code
• GuestLoginModule.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.oak.spi.security.authentication;

import java.io.IOException;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.spi.LoginModule;

import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * The {@code GuestLoginModule} is intended to provide backwards compatibility
 * with the login handling present in the JCR reference implementation located
 * in jackrabbit-core. While the specification claims that {@link javax.jcr.Repository#login}
 * with {@code null} Credentials implies that the authentication process is
 * handled externally, the default implementation jackrabbit-core treated it
 * as 'anonymous' login such as covered by using {@link GuestCredentials}.

 *
 * This {@code LoginModule} implementation performs the following tasks upon
 * {@link #login()}.
 *
 * 

 *     
Try to retrieve JCR credentials from the {@link CallbackHandler} using
 *     the {@link CredentialsCallback}
 *     
In case no credentials could be obtained it pushes a new instance of
 *     {@link GuestCredentials} to the shared stated. Subsequent login modules
 *     in the authentication process may retrieve the {@link GuestCredentials}
 *     instead of failing to obtain any credentials.
 * 
 *
 * If this login module pushed {@link GuestLoginModule} to the shared state
 * in phase 1 it will add those credentials and the {@link EveryonePrincipal}
 * to the subject in phase 2 of the login process. Subsequent login modules
 * my choose to provide additional principals/credentials associated with
 * a guest login.

 *
 * The authentication configuration using this {@code LoginModule} could for
 * example look as follows:
 *
 * 
 *
 *    jackrabbit.oak {
 *            org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule  optional;
 *            org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl required;
 *    };
 *
 * 
 *
 * In this case calling {@link javax.jcr.Repository#login()} would be equivalent
 * to {@link javax.jcr.Repository#login(javax.jcr.Credentials) repository.login(new GuestCredentials()}.
 */
public final class GuestLoginModule implements LoginModule {

    private static final Logger log = LoggerFactory.getLogger(GuestLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;

    private GuestCredentials guestCredentials;

    //--------------------------------------------------------< LoginModule >---
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
    }

    @Override
    public boolean login() {
        if (callbackHandler != null) {
            CredentialsCallback ccb = new CredentialsCallback();
            try {
                callbackHandler.handle(new Callback[] {ccb});
                Credentials credentials = ccb.getCredentials();
                if (credentials == null) {
                    guestCredentials = new GuestCredentials();
                    sharedState.put(AbstractLoginModule.SHARED_KEY_CREDENTIALS, guestCredentials);
                    return true;
                }
            } catch (IOException e) {
                log.debug("Login: Failed to retrieve Credentials from CallbackHandler", e);
            } catch (UnsupportedCallbackException e) {
                log.debug("Login: Failed to retrieve Credentials from CallbackHandler", e);
            }
        }

        // ignore this login module
        return false;
    }

    @Override
    public boolean commit() {
        if (authenticationSucceeded()) {
            if (!subject.isReadOnly()) {
                subject.getPublicCredentials().add(guestCredentials);
                subject.getPrincipals().add(EveryonePrincipal.getInstance());
            }
            return true;
        } else {
            return false;
        }
    }

    @Override
    public boolean abort() {
        guestCredentials = null;
        return true;
    }

    @Override
    public boolean logout() {
        return authenticationSucceeded();
    }

    private boolean authenticationSucceeded() {
        return guestCredentials != null;
    }
}