  /*
   * JBoss, a division of Red Hat
   * Copyright 2011, Red Hat Middleware, LLC, and individual
   * contributors as indicated by the @authors tag. See the
   * copyright.txt in the distribution for a full listing of
   * individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.exoplatform.web.security;
 
 
 
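A login module implementation used to handle re-authentication of a client that presents the same HTTP session on different cluster nodes. After a user logs in on one cluster node, the attribute "authenticatedCredentials" is added to the HTTP session in method commit(). Other cluster nodes can then read these credentials in method login() and reuse them to log the user in again. Because login() accepts these session-held credentials without validating a password again, the scheme is only as trustworthy as the session store and the channel that replicates it between nodes.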

Deprecated:
Cluster authentication is now handled by PortalClusteredSSOSupportValve and this login module is no longer used. Likely will be removed in the future.
Author(s):
Julien Viet
Version:
$Revision$
 
 public class PortalLoginModule extends AbstractLoginModule {

    
Logger.
 
     // Class-wide logger, obtained from ExoLogger for PortalLoginModule.
     private static final Log log = ExoLogger.getLogger(PortalLoginModule.class);

    
JACC get context method.
 
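     /**
      * Reflective handle to {@code javax.security.jacc.PolicyContext.getContext(String)}, or
      * {@code null} when the class could not be loaded or the method lookup failed.
      */
     private static final Method getContextMethod;

     static {
         Method getContext = null;

         log.debug("About to configure PortalLoginModule");
         try {
             // Resolved reflectively through the context class loader, so this class has no
             // compile-time reference to the JACC API.
             Class<?> policyContextClass = Thread.currentThread().getContextClassLoader()
                     .loadClass("javax.security.jacc.PolicyContext");
             getContext = policyContextClass.getDeclaredMethod("getContext", String.class);
         } catch (ClassNotFoundException ignore) {
             // JACC is optional: a missing class is logged at debug level and the handle stays null.
             log.debug("JACC not found ignoring it", ignore);
         } catch (Exception e) {
             log.error("Could not obtain JACC get context method", e);
         }

         // Assigned exactly once, after the try block, because the field is final.
         getContextMethod = getContext;
     }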
 
     // Name of the HTTP session attribute that carries the Credentials of a user who has already
     // authenticated with this session. Security-relevant: per the comment in login(), a session
     // that holds this attribute is accepted without validating a password again.
     public static final String AUTHENTICATED_CREDENTIALS = "authenticatedCredentials";
 
     // Presumably the shared-state key for the "logged in on a different node" flag that login()
     // sets and commit() tests; the key argument is missing from those calls in this listing.
     // TODO confirm against the original source.
     private static final String LOGIN_ON_DIFFERENT_NODE = "PortalLoginModule.loginOnDifferentNode";

    
 
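     /**
      * Re-establishes a login from credentials that another cluster node stored in the HTTP session.
      *
      * <p>When the session holds an {@link #AUTHENTICATED_CREDENTIALS} attribute, the user named in
      * it is turned into an {@code Identity} and published through the shared state and the subject
      * <em>without any password check</em>. The session attribute is therefore the only proof of
      * authentication on this path: the session store and its replication between nodes must be
      * trusted, and nothing outside commit() should be able to write that attribute.
      *
      * @return {@code false} when no HTTP request is available (for example a CLI login);
      *         {@code true} otherwise, including when the JACC handle is {@code null} or the
      *         session carries no stored credentials
      * @throws LoginException if no {@code Authenticator} component is configured, if the stored
      *         credentials carry no user name, or if any other failure occurs while reading the
      *         session or creating the identity (the original exception is kept as the cause)
      */
     @SuppressWarnings("unchecked")
     public boolean login() throws LoginException {
         if (getContextMethod != null) {
             Credentials authCredentials = null;

             try {
                 HttpServletRequest request = getCurrentHttpServletRequest();

                 // This can be the case with CLI login
                 if (request == null) {
                     log.debug("Unable to find HTTPServletRequest.");
                     return false;
                 }

                 // NOTE(review): getSession() creates a session when the request has none;
                 // getSession(false) would avoid allocating sessions for unauthenticated requests.
                 // Confirm nothing downstream relies on the session existing before changing it.
                 authCredentials = (Credentials) request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
                 // If authenticated credentials were presented in HTTP session, it means that we were
                 // already logged on different cluster node with this HTTP session. We don't need to
                 // validate password again in this case (We don't have password anyway)
                 if (authCredentials != null) {
                     Authenticator authenticator = (Authenticator) getContainer()
                             .getComponentInstanceOfType(Authenticator.class);
                     if (authenticator == null) {
                         throw new LoginException("No Authenticator component found, check your configuration");
                     }
                     String username = authCredentials.getUsername();
                     // Never build an identity from an attribute that names nobody.
                     if (username == null || username.isEmpty()) {
                         throw new LoginException("Credentials stored in HTTP session do not contain a username");
                     }
                     Identity identity = authenticator.createIdentity(username);
                     sharedState.put("exo.security.identity", identity);
                     sharedState.put("javax.security.auth.login.name", username);
                     subject.getPublicCredentials().add(new UsernameCredential(username));
                     // Add empty password to subject and remove password key, so that SharedStateLoginModule won't be processed
                     subject.getPrivateCredentials().add("");
                     sharedState.remove("javax.security.auth.login.password");
                     // Add flag that we were logged with real password on different cluster node. Not on this node.
                     sharedState.put(LOGIN_ON_DIFFERENT_NODE, true);
                 }
             } catch (Exception e) {
                 // Every failure, including the LoginExceptions thrown above, is logged and then
                 // surfaced to JAAS as a LoginException with the original exception as its cause.
                 log.error(this, e);
                 LoginException le = new LoginException(e.getMessage());
                 le.initCause(e);
                 throw le;
             }
         }
         return true;
     }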

    
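    /**
     * Publishes the authenticated user name to the HTTP session so that other cluster nodes can
     * reuse the login.
     *
     * <p>The attribute is written only when the JACC handle is available, the "cluster" profile is
     * active, the shared state holds both a login name and a password (a real credential check
     * happened on this node), and the "logged in on a different node" flag is absent. The stored
     * {@code Credentials} object carries the user name with an empty password, so the password
     * itself is not placed in the session.
     *
     * @return always {@code true}; failures while writing to the session are logged, not propagated
     * @throws LoginException declared in the signature; never thrown by the visible code
     */
    public boolean commit() throws LoginException {
        // Add authenticated credentials to session only if we were logged on this host with "real" credentials
        if (getContextMethod != null && isClusteredSSO() && sharedState.containsKey("javax.security.auth.login.name")
                && sharedState.containsKey("javax.security.auth.login.password")
                && sharedState.get(LOGIN_ON_DIFFERENT_NODE) == null) {
            String uid = (String) sharedState.get("javax.security.auth.login.name");
            Credentials wc = new Credentials(uid, "");
            HttpServletRequest request = null;
            try {
                request = getCurrentHttpServletRequest();
                // This can be the case with CLI login
                if (request == null) {
                    log.debug("Unable to find HTTPServletRequest.");
                } else {
                    // NOTE(review): this writes to whatever session the request already carries.
                    // Confirm the session id is rotated at login elsewhere, otherwise a session id
                    // known before login keeps its value after it gains this attribute.
                    request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
                }
            } catch (Exception e) {
                // Deliberate best effort: the login itself already succeeded, so a session write
                // failure is reported in the log and commit still returns true.
                log.error(this, e);
                log.error("LoginModule error. Turn off session credentials checking with proper configuration option of "
                        + "LoginModule set to false");
            }
        }
        return true;
    }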

    
    /**
     * Cleans up after an aborted login by removing the credentials tied to the current request.
     *
     * @return always {@code true}
     * @throws LoginException declared in the signature; never thrown by the visible code
     */
    public boolean abort() throws LoginException {
        final HttpServletRequest currentRequest = getCurrentHttpServletRequest();
        // Without an HTTP request there is nothing to clean up.
        if (currentRequest == null) {
            return true;
        }
        handleCredentialsRemoving(currentRequest);
        return true;
    }

    
    /**
     * Reports a successful logout without doing any work.
     *
     * <p>This method touches neither the HTTP session nor the AuthenticationRegistry, so the
     * session attribute written by commit() has to be cleared by other means (for example session
     * invalidation) when the user logs out.
     *
     * @return always {@code true}
     * @throws LoginException declared in the signature; never thrown
     */
    public boolean logout() throws LoginException {
        return true;
    }
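    /**
     * Supplies this module's logger to the superclass.
     *
     * @return the class-wide {@code log} instance
     */
    @Override
    protected Log getLogger() {
        return log;
    }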
    /**
     * Tells whether the container runs with the "cluster" profile.
     *
     * @return {@code true} when {@code ExoContainer.getProfiles()} contains {@code "cluster"}
     */
    protected static boolean isClusteredSSO() {
        final boolean clusterProfileActive = ExoContainer.getProfiles().contains("cluster");
        return clusterProfileActive;
    }

    
Remove credentials of authenticated user from AuthenticationRegistry.

Parameters:
request httpRequest
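    /**
     * Removes the credentials associated with the given request from the
     * {@code AuthenticationRegistry}.
     *
     * <p>Best effort: any failure, including a registry component that resolves to {@code null},
     * is caught and logged at debug level only. When investigating credentials that outlive an
     * aborted login, enable debug logging for this class to see such failures.
     *
     * @param request the current HTTP request; nothing is removed when it is {@code null}
     */
    protected void handleCredentialsRemoving(HttpServletRequest request) {
        try {
            AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry) getContainer()
                    .getComponentInstanceOfType(AuthenticationRegistry.class);
            if (request != null) {
                authenticationRegistry.removeCredentials(request);
            }
        } catch (Exception e) {
            log.debug("Unable to remove credentials from credentialsRegistry.", e);
        }
    }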
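        // NOTE(review): the signature of this method is missing from the listing; the callers above
        // invoke it as getCurrentHttpServletRequest() and expect an HttpServletRequest or null.
        HttpServletRequest request = null;
        try {
            if (getContextMethod != null) {
                // Static call (null receiver) on the reflective PolicyContext.getContext handle,
                // asking for the object registered under the servlet request key.
                request = (HttpServletRequest) getContextMethod.invoke(null, "javax.servlet.http.HttpServletRequest");
            }
        } catch (Exception e) {
            // Lookup failures are not fatal: login(), commit() and abort() all check for null.
            log.debug("Exception when trying to obtain HTTPServletRequest.", e);
        }
        return request;
    }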