/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import java.util.Collections;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* ExternalLoginModule... TODO
*/
public abstract class ExternalLoginModule extends AbstractLoginModule {
private static final Logger log = LoggerFactory.getLogger(ExternalLoginModule.class);
public static final String PARAM_SYNC_MODE = "syncMode";
public static final SyncMode DEFAULT_SYNC_MODE = SyncMode.DEFAULT_SYNC;
private static final String PARAM_SYNC_HANDLER = "syncHandler";
private static final String DEFAULT_SYNC_HANDLER = DefaultSyncHandler.class.getName();
//------------------------------------------------< ExternalLoginModule >---
/**
* TODO
*
* @return
*/
protected abstract boolean loginSucceeded();
/**
* TODO
*
* @return
*/
@CheckForNull
protected abstract ExternalUser getExternalUser();
/**
* TODO
*
* @return
* @throws SyncException
*/
@Nonnull
protected SyncHandler getSyncHandler() throws SyncException {
Object syncHandler = options.getConfigValue(PARAM_SYNC_HANDLER, null, null);
if (syncHandler == null) {
return new DefaultSyncHandler();
} else if (syncHandler instanceof SyncHandler) {
return (SyncHandler) syncHandler;
} else {
try {
Object sh = Class.forName(syncHandler.toString()).newInstance();
if (sh instanceof SyncHandler) {
return (SyncHandler) sh;
} else {
throw new SyncException("Invalid SyncHandler configuration: " + sh);
}
} catch (Exception e) {
throw new SyncException("Error while getting SyncHandler:", e);
}
}
}
//------------------------------------------------< AbstractLoginModule >---
/**
* Default implementation of the {@link #getSupportedCredentials()} method
* that only lists {@link SimpleCredentials} as supported. Subclasses that
* wish to support other or additional credential implementations should
* override this method.
*
* @return An immutable set containing only the {@link SimpleCredentials} class.
*/
@Override
protected Set<Class> getSupportedCredentials() {
Class scClass = SimpleCredentials.class;
return Collections.singleton(scClass);
}
//--------------------------------------------------------< LoginModule >---
/**
* TODO
*
* @return
* @throws LoginException
*/
@Override
public boolean commit() throws LoginException {
if (!loginSucceeded()) {
return false;
}
try {
SyncHandler handler = getSyncHandler();
Root root = getRoot();
UserManager userManager = getUserManager();
if (root == null || userManager == null) {
throw new LoginException("Cannot synchronize user.");
}
Object smValue = options.getConfigValue(PARAM_SYNC_MODE, null, null);
SyncMode syncMode;
if (smValue == null) {
syncMode = DEFAULT_SYNC_MODE;
} else {
syncMode = SyncMode.fromObject(smValue);
}
ExternalUser eu = getExternalUser();
if (eu != null && handler.initialize(userManager, root, syncMode, options)) {
handler.sync(eu);
root.commit();
return true;
} else {
log.warn("Failed to initialize sync handler.");
return false;
}
} catch (SyncException e) {
throw new LoginException("User synchronization failed: " + e);
} catch (CommitFailedException e) {
throw new LoginException("User synchronization failed: " + e);
}
}
}