001/* 002 * (C) Copyright 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Florent Guillaume 018 */ 019package org.nuxeo.ecm.core.opencmis.bindings; 020 021import java.util.Map; 022 023import javax.security.auth.login.LoginContext; 024import javax.security.auth.login.LoginException; 025import javax.servlet.http.HttpServletRequest; 026import javax.xml.ws.handler.MessageContext; 027import javax.xml.ws.handler.MessageContext.Scope; 028import javax.xml.ws.handler.soap.SOAPMessageContext; 029 030import org.apache.chemistry.opencmis.commons.enums.CmisVersion; 031import org.apache.chemistry.opencmis.commons.server.CallContext; 032import org.apache.chemistry.opencmis.server.impl.webservices.AbstractService; 033import org.apache.chemistry.opencmis.server.impl.webservices.CmisWebServicesServlet; 034import org.apache.commons.logging.Log; 035import org.apache.commons.logging.LogFactory; 036import org.nuxeo.runtime.api.Framework; 037import org.nuxeo.runtime.api.login.Authenticator; 038 039/** 040 * SOAP handler that extracts authentication information from the SOAP headers and propagates it to Nuxeo for login. 041 */ 042public class NuxeoCmisAuthHandler extends CXFAuthHandler implements LoginProvider { 043 044 public static final String NUXEO_LOGIN_CONTEXT = "nuxeo.opencmis.LoginContext"; 045 046 private static final Log log = LogFactory.getLog(NuxeoCmisAuthHandler.class); 047 048 protected LoginProvider loginProvider; 049 050 @Override 051 public boolean handleMessage(SOAPMessageContext context) { 052 boolean res = super.handleMessage(context); 053 054 HttpServletRequest request = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST); 055 request.setAttribute(CmisWebServicesServlet.CMIS_VERSION, CmisVersion.CMIS_1_1); 056 057 @SuppressWarnings("unchecked") 058 Map<String, String> callContextMap = (Map<String, String>) context.get(AbstractService.CALL_CONTEXT_MAP); 059 if (callContextMap != null) { 060 // login to Nuxeo 061 String username = callContextMap.get(CallContext.USERNAME); 062 String password = callContextMap.get(CallContext.PASSWORD); 063 try { 064 LoginContext loginContext = getLoginProvider().login(username, password); 065 // store in message context, for later logout 066 context.put(NUXEO_LOGIN_CONTEXT, loginContext); 067 context.setScope(NUXEO_LOGIN_CONTEXT, Scope.APPLICATION); 068 } catch (LoginException e) { 069 throw new RuntimeException("Login failed for user '" + username + "'", e); 070 } 071 } 072 return res; 073 } 074 075 @Override 076 public void close(MessageContext context) { 077 LoginContext loginContext = (LoginContext) context.get(NUXEO_LOGIN_CONTEXT); 078 if (loginContext != null) { 079 try { 080 loginContext.logout(); 081 } catch (LoginException e) { 082 log.error("Cannot logout", e); 083 } 084 } 085 super.close(context); 086 } 087 088 protected LoginProvider getLoginProvider() { 089 if (loginProvider == null) { 090 loginProvider = this; 091 String className = Framework.getProperty(LoginProvider.class.getName()); 092 if (className != null) { 093 try { 094 Object instance = Class.forName(className).newInstance(); 095 if (instance instanceof LoginProvider) { 096 loginProvider = (LoginProvider) instance; 097 } else { 098 log.error(className + " is not an instance of " + LoginProvider.class.getName()); 099 } 100 } catch (ReflectiveOperationException e) { 101 log.error(e); 102 } 103 } 104 } 105 return loginProvider; 106 } 107 108 // LoginProvider 109 @Override 110 public LoginContext login(String username, String password) { 111 try { 112 // check identity against UserManager 113 if (!getAuthenticator().checkUsernamePassword(username, password)) { 114 throw new RuntimeException("Authentication failed for user '" + username + "'"); 115 } 116 // login to Nuxeo framework 117 return Framework.login(username, password); 118 } catch (LoginException e) { 119 throw new RuntimeException("Login failed for user '" + username + "'", e); 120 } 121 } 122 123 protected static Authenticator getAuthenticator() { 124 return Framework.getService(Authenticator.class); 125 } 126 127}