Experimentos com o LoginModule

Cleverson Sacramento
1 parent bff29051
Showing 2 changed files with 37 additions and 1 deletions Show diff stats
impl/extension/jaas/src/main/java/br/gov/frameworkdemoiselle/security/JAASAuthenticator.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java
@@ -39,6 +39,7 @@ package br.gov.frameworkdemoiselle.security;
 import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelector.EXTENSIONS_L1_PRIORITY;
  
 import java.io.IOException;
+import java.security.SecurityPermission;
  
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.Produces;
@@ -91,7 +92,7 @@ public class JAASAuthenticator implements Authenticator {
  
 		try {
 			LoginContext loginContext = createLoginContext();
-
+			
 			if (loginContext != null) {
 				loginContext.login();
  
@@ -136,6 +137,29 @@ public class JAASAuthenticator implements Authenticator {
  
 	@Override
 	public User getUser() {
+		try {
+			
+//			LoginContext
+			
+//			AbstractSecurityContext.
+			
+			Object securityContext = System.getSecurityManager().getSecurityContext();
+			
+			System.out.println(securityContext.toString());
+			
+			String name = config.getLoginModuleName();
+			LoginContext loginContext = new LoginContext(name, this.subject);
+			loginContext.login();
+			
+			Subject subject2 = loginContext.getSubject();
+			
+			System.out.println(subject2.toString());
+			
+		} catch (LoginException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		
 		return this.user;
 	}
  
@@ -38,6 +38,7 @@ package br.gov.frameworkdemoiselle.util;
  
 import java.io.IOException;
  
+import javax.security.auth.login.LoginContext;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -46,6 +47,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
  
 import br.gov.frameworkdemoiselle.internal.producer.HttpServletRequestProducer;
 import br.gov.frameworkdemoiselle.internal.producer.HttpServletResponseProducer;
@@ -63,6 +65,16 @@ public class ServletFilter implements Filter {
 		Beans.getReference(HttpServletRequestProducer.class).setDelegate((HttpServletRequest) request);
 		Beans.getReference(HttpServletResponseProducer.class).setDelegate((HttpServletResponse) response);
  
+		//((HttpServletRequest) request).;
+		
+		LoginContext ctx = null;
+		HttpSession sess = (HttpSession) ((HttpServletRequest) request).getSession(false);
+		if (sess != null) {
+			ctx = (LoginContext) sess.getAttribute("ctx");
+		}
+		
+		System.out.println(ctx);
+
 		chain.doFilter(request, response);
 	}
...	...	@@ -39,6 +39,7 @@ package br.gov.frameworkdemoiselle.security;
39	39	import static br.gov.frameworkdemoiselle.internal.implementation.StrategySelector.EXTENSIONS_L1_PRIORITY;
40	40
41	41	import java.io.IOException;
	42	+import java.security.SecurityPermission;
42	43
43	44	import javax.enterprise.context.SessionScoped;
44	45	import javax.enterprise.inject.Produces;
...	...	@@ -91,7 +92,7 @@ public class JAASAuthenticator implements Authenticator {
91	92
92	93	try {
93	94	LoginContext loginContext = createLoginContext();
94		-
	95	+
95	96	if (loginContext != null) {
96	97	loginContext.login();
97	98
...	...	@@ -136,6 +137,29 @@ public class JAASAuthenticator implements Authenticator {
136	137
137	138	@Override
138	139	public User getUser() {
	140	+ try {
	141	+
	142	+// LoginContext
	143	+
	144	+// AbstractSecurityContext.
	145	+
	146	+ Object securityContext = System.getSecurityManager().getSecurityContext();
	147	+
	148	+ System.out.println(securityContext.toString());
	149	+
	150	+ String name = config.getLoginModuleName();
	151	+ LoginContext loginContext = new LoginContext(name, this.subject);
	152	+ loginContext.login();
	153	+
	154	+ Subject subject2 = loginContext.getSubject();
	155	+
	156	+ System.out.println(subject2.toString());
	157	+
	158	+ } catch (LoginException e) {
	159	+ // TODO Auto-generated catch block
	160	+ e.printStackTrace();
	161	+ }
	162	+
139	163	return this.user;
140	164	}
141	165
...	...
...	...	@@ -38,6 +38,7 @@ package br.gov.frameworkdemoiselle.util;
38	38
39	39	import java.io.IOException;
40	40
	41	+import javax.security.auth.login.LoginContext;
41	42	import javax.servlet.Filter;
42	43	import javax.servlet.FilterChain;
43	44	import javax.servlet.FilterConfig;
...	...	@@ -46,6 +47,7 @@ import javax.servlet.ServletRequest;
46	47	import javax.servlet.ServletResponse;
47	48	import javax.servlet.http.HttpServletRequest;
48	49	import javax.servlet.http.HttpServletResponse;
	50	+import javax.servlet.http.HttpSession;
49	51
50	52	import br.gov.frameworkdemoiselle.internal.producer.HttpServletRequestProducer;
51	53	import br.gov.frameworkdemoiselle.internal.producer.HttpServletResponseProducer;
...	...	@@ -63,6 +65,16 @@ public class ServletFilter implements Filter {
63	65	Beans.getReference(HttpServletRequestProducer.class).setDelegate((HttpServletRequest) request);
64	66	Beans.getReference(HttpServletResponseProducer.class).setDelegate((HttpServletResponse) response);
65	67
	68	+ //((HttpServletRequest) request).;
	69	+
	70	+ LoginContext ctx = null;
	71	+ HttpSession sess = (HttpSession) ((HttpServletRequest) request).getSession(false);
	72	+ if (sess != null) {
	73	+ ctx = (LoginContext) sess.getAttribute("ctx");
	74	+ }
	75	+
	76	+ System.out.println(ctx);
	77	+
66	78	chain.doFilter(request, response);
67	79	}
68	80
...	...