Example 1 with WikiCallbackHandler

Use of org.apache.wiki.auth.login.WikiCallbackHandler in project jspwiki by apache.

From the class AuthenticationManager, method login.

/**
 * Attempts to perform a WikiSession login for the given username/password
 * combination using JSPWiki's custom authentication mode. In order to log in,
 * the JAAS LoginModule supplied by the WikiEngine property {@link #PROP_LOGIN_MODULE}
 * will be instantiated, and its
 * {@link javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)}
 * method will be invoked. By default, the {@link org.apache.wiki.auth.login.UserDatabaseLoginModule}
 * class will be used. When the LoginModule's <code>initialize</code> method is invoked,
 * an options Map populated by properties keys prefixed by {@link #PREFIX_LOGIN_MODULE_OPTIONS}
 * will be passed as a parameter.
 * @param session the current wiki session; may not be <code>null</code>.
 * @param request the user's HTTP request. This parameter may be <code>null</code>, but the configured
 * LoginModule will not have access to the HTTP request in this case.
 * @param username The user name. This is a login name, not a WikiName. In
 *            most cases they are the same, but in some cases, they might
 *            not be.
 * @param password the password
 * @return true, if the username/password is valid
 * @throws org.apache.wiki.auth.WikiSecurityException if the Authorizer or UserManager cannot be obtained
 */
public boolean login(WikiSession session, HttpServletRequest request, String username, String password) throws WikiSecurityException {
    if (session == null) {
        log.error("No wiki session provided, cannot log in.");
        return false;
    }
    // Protect against brute-force password guessing if configured to do so
    if (m_throttleLogins) {
        delayLogin(username);
    }
    CallbackHandler handler = new WikiCallbackHandler(m_engine, null, username, password);
    // Execute the user's specified login module
    Set<Principal> principals = doJAASLogin(m_loginModuleClass, handler, m_loginModuleOptions);
    if (principals.size() > 0) {
        fireEvent(WikiSecurityEvent.LOGIN_AUTHENTICATED, getLoginPrincipal(principals), session);
        for (Principal principal : principals) {
            fireEvent(WikiSecurityEvent.PRINCIPAL_ADD, principal, session);
        }
        // Add all appropriate Authorizer roles
        injectAuthorizerRoles(session, m_engine.getAuthorizationManager().getAuthorizer(), null);
        return true;
    }
    return false;
}
Also used: WebContainerCallbackHandler (org.apache.wiki.auth.login.WebContainerCallbackHandler), CallbackHandler (javax.security.auth.callback.CallbackHandler), WikiCallbackHandler (org.apache.wiki.auth.login.WikiCallbackHandler), Principal (java.security.Principal)
