Author: alain_defrance
Date: 2010-10-05 12:00:13 -0400 (Tue, 05 Oct 2010)
New Revision: 4512
Removed:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
portal/branches/wci/examples/portal/README.txt
portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf
portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf
portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
Log:
use LoginModule & LoginController from WCI
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java 2010-10-05
16:00:13 UTC (rev 4512)
@@ -28,6 +28,7 @@
import org.gatein.common.logging.LoggerFactory;
import org.gatein.wci.authentication.AuthenticationResult;
import org.gatein.wci.authentication.GenericAuthenticationResult;
+import org.gatein.wci.authentication.WCICredentials;
import org.gatein.wci.impl.DefaultServletContainerFactory;
import java.io.IOException;
@@ -54,9 +55,6 @@
/** . */
public static final String COOKIE_NAME = "rememberme";
- /** . */
- public static final String CREDENTIALS = "credentials";
-
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
@@ -64,7 +62,7 @@
HttpSession session = req.getSession();
// Looking for credentials stored in the session
- Credentials credentials =
(Credentials)session.getAttribute(InitiateLoginServlet.CREDENTIALS);
+ WCICredentials credentials =
(WCICredentials)session.getAttribute(WCICredentials.CREDENTIALS);
//
if (credentials == null)
@@ -77,7 +75,7 @@
if (token != null)
{
AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
- credentials = tokenService.validateToken(token, false);
+ credentials = tokenService.validateToken(token, false).getWCICredentials();
if (credentials == null)
{
log.debug("Login initiated with no credentials in session but found
token an invalid " + token + " " +
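Review bot: The new call `tokenService.validateToken(token, false).getWCICredentials()` dereferences the result before the `if (credentials == null)` check that follows. If validateToken still returns null for a token it rejects, as the old code expected, this raises a NullPointerException instead of reaching the invalid-token branch. Keep the null test on the token-service result, e.g. `Credentials stored = tokenService.validateToken(token, false);` followed by `credentials = stored == null ? null : stored.getWCICredentials();`. The debug message in the context lines that follow also writes the raw cookie token to the log; recording only that an invalid token was presented would be safer. The enclosing doGet body starts and ends outside this hunk.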
@@ -111,20 +109,46 @@
}
else
{
- // WCI authentication
- AuthenticationResult result =
DefaultServletContainerFactory.getInstance().getServletContainer()
- .login(req, resp, credentials.getUsername(), credentials.getPassword());
+ try
+ {
+ // WCI authentication
+ AuthenticationResult result =
DefaultServletContainerFactory.getInstance().getServletContainer()
+ .login(req, resp, credentials.getUsername(), credentials.getPassword());
- log.debug("Login initiated with credentials in session, performing
authentication");
- if (result instanceof GenericAuthenticationResult)
- {
- GenericAuthenticationResult genericAuthentication =
(GenericAuthenticationResult) result;
- req.getSession().removeAttribute(InitiateLoginServlet.CREDENTIALS);
- sendAuth(resp, credentials.getUsername(),
genericAuthentication.getTicket());
+ log.debug("Login initiated with credentials in session, performing
authentication");
+ if (result instanceof GenericAuthenticationResult)
+ {
+ // if we do have a remember me
+ String rememberme = req.getParameter("rememberme");
+ if ("true".equals(rememberme))
+ {
+ boolean isRemember =
"true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
+ if (isRemember)
+ {
+ //Create token
+ AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
+ String cookieToken = tokenService.createToken(new
Credentials(credentials));
+
+ log.debug("Found a remember me request parameter, created a
persistent token " + cookieToken + " for it and set it up " +
+ "in the next response");
+ Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME,
cookieToken);
+ cookie.setPath(req.getContextPath());
+ cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
+ resp.addCookie(cookie);
+ }
+ }
+ ((GenericAuthenticationResult) result).perform(req, resp);
+ }
+ else
+ {
+
+ resp.sendRedirect(resp.encodeRedirectURL(""));
+ }
}
- else
+ catch (Exception e)
{
- resp.sendRedirect(resp.encodeRedirectURL(""));
+ // TODO : login fails
+
getServletContext().getRequestDispatcher("/portal/errorlogin").forward(req,
resp);
}
}
}
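Review bot: The remember-me token is written to the debug log by `log.debug("Found a remember me request parameter, created a persistent token " + cookieToken + ...)`. That token stands in for the user's credentials until it expires, so the message should drop the value. The cookie is also created without `cookie.setSecure(...)`. The expression `(int)tokenService.getValidityTime() / 1000` casts before dividing, so a validity above Integer.MAX_VALUE (presumably milliseconds) is truncated; `(int)(tokenService.getValidityTime() / 1000)` avoids that. Finally, `catch (Exception e)` forwards to /portal/errorlogin without logging `e`, which makes container and I/O failures look like failed logins; log `e` at error level before the forward.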
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java 2010-10-05
16:00:13 UTC (rev 4512)
@@ -25,8 +25,14 @@
*/
public class LogoutControl
{
- private static final ThreadLocal<Boolean> wantLogout = new
ThreadLocal<Boolean>();
-
+ private static final ThreadLocal<Boolean> wantLogout = new
ThreadLocal<Boolean>()
+ {
+ @Override
+ protected Boolean initialValue() {
+ return false;
+ }
+ };
+
public static void cancelLogout()
{
wantLogout.set(false);
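Review bot: `wantLogout` is a static ThreadLocal with no `remove()` visible in this hunk. On a container that pools request threads, a `true` set during one request could still be read by the next request served on the same thread unless cancelLogout() is always called. The new `initialValue()` only covers threads that never set the flag. A comment on the field stating who resets it per request, or a `wantLogout.remove()` at the end of request handling, would make that contract explicit; the rest of the class is outside the hunk.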
@@ -41,4 +47,4 @@
{
return wantLogout.get();
}
-}
+}
\ No newline at end of file
Deleted:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java 2010-10-05
16:00:13 UTC (rev 4512)
@@ -1,118 +0,0 @@
-/**
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-
-package org.exoplatform.web.login;
-
-import org.exoplatform.container.web.AbstractHttpServlet;
-import org.exoplatform.web.security.Credentials;
-import org.exoplatform.web.security.security.AbstractTokenService;
-import org.exoplatform.web.security.security.CookieTokenService;
-import org.gatein.common.logging.Logger;
-import org.gatein.common.logging.LoggerFactory;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * @author <a href="mailto:trong.tran@exoplatform.com">Tran The
Trong</a>
- * @version $Revision$
- */
-public class PortalLoginController extends AbstractHttpServlet
-{
-
- /** . */
- private static final Logger log =
LoggerFactory.getLogger(PortalLoginController.class);
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
- {
- String username = req.getParameter("username");
- String password = req.getParameter("password");
-
- //
- if (username == null)
- {
- log.error("Tried to access the portal login controller without username
provided");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No username
provided");
- return;
- }
- if (password == null)
- {
- log.error("Tried to access the portal login controller without password
provided");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No password
provided");
- return;
- }
-
- //
- log.debug("Found username and password and set credentials in http
session");
- Credentials credentials = new Credentials(username, password);
- req.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS, credentials);
-
- // Obtain initial URI
- String uri = req.getParameter("initialURI");
-
- // otherwise compute one
- if (uri == null || uri.length() == 0)
- {
- uri = req.getContextPath() + "/private/classic";
- log.debug("No initial URI found, will use default " + uri + "
instead ");
- }
- else
- {
- log.debug("Found initial URI " + uri);
- }
-
- // if we do have a remember me
- String rememberme = req.getParameter("rememberme");
- if ("true".equals(rememberme))
- {
- boolean isRemember =
"true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
- if (isRemember)
- {
- //Create token
- AbstractTokenService tokenService =
AbstractTokenService.getInstance(CookieTokenService.class);
- String cookieToken = tokenService.createToken(credentials);
-
- log.debug("Found a remember me request parameter, created a persistent
token " + cookieToken + " for it and set it up " +
- "in the next response");
- Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
- cookie.setPath(req.getContextPath());
- cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
- resp.addCookie(cookie);
- }
- }
-
- //
- resp.sendRedirect(uri);
- }
-
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
- {
- doGet(req, resp);
- }
-
- @Override
- protected boolean requirePortalEnvironment()
- {
- return true;
- }
-}
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java 2010-10-05
16:00:13 UTC (rev 4512)
@@ -89,4 +89,9 @@
{
return password;
}
+
+ public WCICredentials getWCICredentials()
+ {
+ return new WCICredentials(username, password);
+ }
}
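Review bot: `getWCICredentials()` is public and undocumented, and each call builds a new object carrying the cleartext password. A short Javadoc such as `/** Returns a new WCICredentials holding the same username and password as this object. */` would state that, so callers know not to keep the copy longer than the login needs. The class body starts outside the hunk.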
Modified:
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
---
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2010-10-05
16:00:13 UTC (rev 4512)
@@ -25,8 +25,6 @@
import org.exoplatform.services.security.jaas.AbstractLoginModule;
import org.exoplatform.web.login.InitiateLoginServlet;
import org.exoplatform.web.security.security.CookieTokenService;
-import org.gatein.wci.authentication.GenericAuthentication;
-import org.gatein.wci.authentication.WCICredentials;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
@@ -100,38 +98,30 @@
callbackHandler.handle(callbacks);
String password = new String(((PasswordCallback)callbacks[1]).getPassword());
- WCICredentials wciCredentials =
GenericAuthentication.TICKET_SERVICE.validateToken(password, true);
Credentials c = null;
- if (wciCredentials != null)
- {
- c = new Credentials(wciCredentials);
- }
- else
- {
- ExoContainer container = getContainer();
- Object o =
-
((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
- password, false);
+ ExoContainer container = getContainer();
+ Object o =
+
((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
+ password, false);
- //
- // For clustered config check credentials stored and propagated in session.
This won't work in tomcat because
- // of lack of JACC PolicyContext so the code must be a bit defensive
- if (o == null && getContextMethod != null &&
password.startsWith(InitiateLoginServlet.COOKIE_NAME))
+ //
+ // For clustered config check credentials stored and propagated in session. This
won't work in tomcat because
+ // of lack of JACC PolicyContext so the code must be a bit defensive
+ if (o == null && getContextMethod != null &&
password.startsWith(InitiateLoginServlet.COOKIE_NAME))
+ {
+ HttpServletRequest request;
+ try
{
- HttpServletRequest request;
- try
- {
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
- }
- catch(Throwable e)
- {
- log.error(this,e);
- log.error("LoginModule error. Turn off session credentials
checking with proper configuration option of " +
- "LoginModule set to false");
- }
-
+ request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
}
+ catch(Throwable e)
+ {
+ log.error(this,e);
+ log.error("LoginModule error. Turn off session credentials checking
with proper configuration option of " +
+ "LoginModule set to false");
+ }
+
if (o instanceof Credentials) {
c = (Credentials) o;
}
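Review bot: `catch(Throwable e)` in the session fallback also catches Errors such as OutOfMemoryError, and `log.error(this,e)` passes the login module itself as the message, so the log line says nothing about what failed. Narrowing to `catch (Exception e)` and logging `log.error("Could not read credentials from the HTTP session", e);` would be clearer. With the WCI ticket validation removed from this module, the fallback is gated only by `password.startsWith(InitiateLoginServlet.COOKIE_NAME)`. A comment explaining why that prefix is enough to trust AUTHENTICATED_CREDENTIALS would help, since what is done with `c` lies outside the hunk.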
Modified: portal/branches/wci/examples/portal/README.txt
===================================================================
--- portal/branches/wci/examples/portal/README.txt 2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/examples/portal/README.txt 2010-10-05 16:00:13 UTC (rev 4512)
@@ -52,6 +52,9 @@
7. Define the related realm in your file tomcat/conf/jaas.conf, as below:
gatein-domain-sample-portal {
+ org.gatein.wci.security.WCILoginModule optional
+ portalContainerName="sample-portal"
+ realmName="gatein-domain-sample-portal";
org.exoplatform.web.security.PortalLoginModule required
portalContainerName="sample-portal"
realmName="gatein-domain-sample-portal";
Modified:
portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml 2010-10-05
16:00:13 UTC (rev 4512)
@@ -2,6 +2,10 @@
<application-policy xmlns="urn:jboss:security-beans:1.0"
name="gatein-domain-sample-portal">
<authentication>
+ <login-module code="org.gatein.wci.security.WCILoginModule"
flag="optional">
+ <module-option
name="portalContainerName">sample-portal</module-option>
+ <module-option
name="realmName">gatein-domain-sample-portal</module-option>
+ </login-module>
<login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
<module-option
name="portalContainerName">sample-portal</module-option>
<module-option
name="realmName">gatein-domain-sample-portal</module-option>
Modified: portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml 2010-10-05
15:59:17 UTC (rev 4511)
+++ portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml 2010-10-05
16:00:13 UTC (rev 4512)
@@ -169,7 +169,7 @@
<servlet>
<servlet-name>PortalLoginController</servlet-name>
- <servlet-class>org.exoplatform.web.login.PortalLoginController</servlet-class>
+
<servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
</servlet>
<servlet>
<servlet-name>InitiateLoginServlet</servlet-name>
Modified:
portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
===================================================================
---
portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf 2010-10-05
16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
gatein-domain {
+ org.gatein.wci.security.WCILoginModule optional;
org.exoplatform.web.security.PortalLoginModule required;
org.exoplatform.services.security.jaas.SharedStateLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required;
Modified:
portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2010-10-05
15:59:17 UTC (rev 4511)
+++
portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2010-10-05
16:00:13 UTC (rev 4512)
@@ -2,6 +2,10 @@
<application-policy xmlns="urn:jboss:security-beans:1.0"
name="gatein-domain">
<authentication>
+ <login-module code="org.gatein.wci.security.WCILoginModule"
flag="optional">
+ <module-option
name="portalContainerName">portal</module-option>
+ <module-option
name="realmName">gatein-domain</module-option>
+ </login-module>
<login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
Modified: portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf
===================================================================
--- portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf 2010-10-05
15:59:17 UTC (rev 4511)
+++ portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf 2010-10-05
16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
gatein-domain {
+ org.gatein.wci.security.WCILoginModule optional;
org.exoplatform.web.security.PortalLoginModule required;
org.exoplatform.services.security.jaas.SharedStateLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required;
Modified: portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf
===================================================================
--- portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf 2010-10-05
15:59:17 UTC (rev 4511)
+++ portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf 2010-10-05
16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
gatein-domain {
+ org.gatein.wci.security.WCILoginModule optional;
org.exoplatform.web.security.PortalLoginModule required;
org.exoplatform.services.security.jaas.SharedStateLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required;
Modified: portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml 2010-10-05 15:59:17 UTC
(rev 4511)
+++ portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml 2010-10-05 16:00:13 UTC
(rev 4512)
@@ -209,7 +209,7 @@
<servlet>
<servlet-name>PortalLoginController</servlet-name>
-
<servlet-class>org.exoplatform.web.login.PortalLoginController</servlet-class>
+
<servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
</servlet>
<servlet>
<servlet-name>InitiateLoginServlet</servlet-name>