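/*
 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.opencmis.bindings;

import java.util.Map;

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.MessageContext.Scope;
import javax.xml.ws.handler.soap.SOAPMessageContext;

import org.apache.chemistry.opencmis.commons.enums.CmisVersion;
import org.apache.chemistry.opencmis.commons.server.CallContext;
import org.apache.chemistry.opencmis.server.impl.webservices.AbstractService;
import org.apache.chemistry.opencmis.server.impl.webservices.CmisWebServicesServlet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.api.login.Authenticator;

/**
 * SOAP handler that extracts authentication information from the SOAP headers and propagates it to Nuxeo for login.
 * <p>
 * The username and password are read from the call-context map found in the message context once the parent handler
 * has run. The {@link LoginContext} obtained from the login provider is kept in the message context under
 * {@link #NUXEO_LOGIN_CONTEXT} and logged out again in {@link #close(MessageContext)}.
 * <p>
 * The login provider is this class itself unless the framework property named after {@link LoginProvider} designates
 * another implementation.
 */
public class NuxeoCmisAuthHandler extends CXFAuthHandler implements LoginProvider {

    /** Message-context key under which the {@link LoginContext} of the current call is stored. */
    public static final String NUXEO_LOGIN_CONTEXT = "nuxeo.opencmis.LoginContext";

    private static final Log log = LogFactory.getLog(NuxeoCmisAuthHandler.class);

    /** Lazily resolved provider; {@code null} until {@link #getLoginProvider()} has been called. */
    protected LoginProvider loginProvider;

    /**
     * Runs the parent handler, tags the servlet request as CMIS 1.1 and, when a call-context map is present in the
     * message context, logs the caller in to Nuxeo with the username and password that map carries.
     *
     * @param context the SOAP message context being processed
     * @return the value returned by the parent handler
     * @throws RuntimeException if the login provider fails the login
     */
    @Override
    public boolean handleMessage(SOAPMessageContext context) {
        boolean res = super.handleMessage(context);

        HttpServletRequest request = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST);
        request.setAttribute(CmisWebServicesServlet.CMIS_VERSION, CmisVersion.CMIS_1_1);

        // NOTE(review): when no call-context map is present, no login is attempted and this method does not reject
        // the message; confirm that the code further down the chain refuses calls that carry no credentials.
        @SuppressWarnings("unchecked")
        Map<String, String> callContextMap = (Map<String, String>) context.get(AbstractService.CALL_CONTEXT_MAP);
        if (callContextMap != null) {
            // login to Nuxeo
            // Map.get yields null for an absent key, so null credentials reach the provider unchanged; the provider
            // is the only place where they are accepted or refused.
            String username = callContextMap.get(CallContext.USERNAME);
            String password = callContextMap.get(CallContext.PASSWORD);
            try {
                LoginContext loginContext = getLoginProvider().login(username, password);
                // store in message context, for later logout
                context.put(NUXEO_LOGIN_CONTEXT, loginContext);
                context.setScope(NUXEO_LOGIN_CONTEXT, Scope.APPLICATION);
            } catch (LoginException e) {
                // The message names the client-supplied username only, never the password.
                throw new RuntimeException("Login failed for user '" + username + "'", e);
            }
        }
        return res;
    }

    /**
     * Logs out the {@link LoginContext} stored by {@link #handleMessage(SOAPMessageContext)}, if any, then lets the
     * parent handler close.
     * <p>
     * A {@link LoginException} during logout is logged and not rethrown. The parent's {@code close} runs in a
     * {@code finally} block so that it is not skipped when the logout fails with an unchecked exception.
     *
     * @param context the message context of the call that is ending
     */
    @Override
    public void close(MessageContext context) {
        try {
            LoginContext loginContext = (LoginContext) context.get(NUXEO_LOGIN_CONTEXT);
            if (loginContext != null) {
                try {
                    loginContext.logout();
                } catch (LoginException e) {
                    log.error("Cannot logout", e);
                }
            }
        } finally {
            super.close(context);
        }
    }

    /**
     * Returns the login provider, resolving it on first use.
     * <p>
     * The framework property whose name is the fully qualified name of {@link LoginProvider} may designate an
     * implementation class with a no-argument constructor. When the property is unset, this handler is the provider.
     * <p>
     * NOTE(review): when the property is set but the class cannot be loaded, cannot be instantiated or is not a
     * {@link LoginProvider}, the error is only logged and this handler's own username/password check is used
     * instead. A deployment that relies on a custom provider for stricter checks should treat that log entry as a
     * configuration failure.
     *
     * @return the provider used to log callers in, never {@code null}
     */
    protected LoginProvider getLoginProvider() {
        LoginProvider provider = loginProvider;
        if (provider == null) {
            provider = this;
            String className = Framework.getProperty(LoginProvider.class.getName());
            if (className != null) {
                try {
                    Class<?> candidate = Class.forName(className);
                    // Check the type before instantiating, so that the constructor of a class that is not a
                    // LoginProvider is never run.
                    if (LoginProvider.class.isAssignableFrom(candidate)) {
                        // getDeclaredConstructor().newInstance() wraps constructor failures in a
                        // ReflectiveOperationException, unlike Class.newInstance() which rethrows them undeclared.
                        provider = (LoginProvider) candidate.getDeclaredConstructor().newInstance();
                    } else {
                        log.error(className + " is not an instance of " + LoginProvider.class.getName());
                    }
                } catch (ReflectiveOperationException e) {
                    // Pass the exception as the cause so that the stack trace is logged, not only its toString().
                    log.error("Cannot instantiate login provider " + className, e);
                }
            }
            // Publish the field only once resolution has finished: a handler instance may serve several request
            // threads, and none of them should see the default provider while a configured one is being created.
            loginProvider = provider;
        }
        return provider;
    }

    // LoginProvider
    /**
     * Default login: checks the credentials with the {@link Authenticator} service, then logs in to the Nuxeo
     * framework with the same credentials.
     * <p>
     * Both failure messages include the username exactly as received from the client; code that logs or renders
     * these exceptions should neutralise control characters in it.
     *
     * @param username the name supplied by the caller
     * @param password the password supplied by the caller
     * @return the login context returned by {@link Framework#login(String, String)}
     * @throws RuntimeException if the authenticator rejects the credentials or the framework login fails
     */
    @Override
    public LoginContext login(String username, String password) {
        try {
            // check identity against UserManager
            if (!getAuthenticator().checkUsernamePassword(username, password)) {
                throw new RuntimeException("Authentication failed for user '" + username + "'");
            }
            // login to Nuxeo framework
            return Framework.login(username, password);
        } catch (LoginException e) {
            throw new RuntimeException("Login failed for user '" + username + "'", e);
        }
    }

    /**
     * Looks up the {@link Authenticator} service from the framework.
     *
     * @return whatever {@link Framework#getService(Class)} returns for {@link Authenticator}
     */
    protected static Authenticator getAuthenticator() {
        return Framework.getService(Authenticator.class);
    }

}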