
1   /*
2   jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
3   It is written for web applications, to solve access control problems simply.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.ext.authentication.loginmodules;
29  
30  import java.io.IOException;
31  import java.util.Map;
32  
33  import javax.security.auth.Subject;
34  import javax.security.auth.callback.Callback;
35  import javax.security.auth.callback.CallbackHandler;
36  import javax.security.auth.callback.UnsupportedCallbackException;
37  import javax.security.auth.login.LoginException;
38  import javax.security.auth.spi.LoginModule;
39  
40  import net.sf.jguard.ext.authentication.callbacks.JCaptchaCallback;
41  
42  import com.octo.captcha.module.config.CaptchaModuleConfig;
43  import com.octo.captcha.service.CaptchaService;
44  import com.octo.captcha.service.CaptchaServiceException;
45  import java.util.logging.Level;
46  import org.slf4j.Logger;
47  import org.slf4j.LoggerFactory;
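/**
 * JAAS {@link LoginModule} that validates a
 * <a href="http://jcaptcha.sourceforge.net/">JCaptcha</a> answer.
 *
 * <p>The answer, the captcha/session identifier, the {@link CaptchaService} and the
 * "skip challenge" flag are all obtained from the {@link CallbackHandler} through a
 * {@link JCaptchaCallback}. The module fails closed: {@link #commit()} reports success
 * only after {@link #login()} has validated an answer.</p>
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 */
public class JCaptchaLoginModule implements LoginModule {
    private static final Logger logger = LoggerFactory.getLogger(JCaptchaLoginModule.class.getName());
    /** Name of the module option holding the captcha answer field name. */
    private static final String CAPTCHA_ANSWER_FIELD = "captchaAnswerField";
    /** Field name used when the option is missing or empty. */
    private static final String DEFAULT_CAPTCHA_ANSWER_FIELD = "captchaAnswer";

    // Resolved in initialize(); not read anywhere else in this class.
    private Class serviceClass;
    private CaptchaService service;
    private String captchaAnswerField;
    private CallbackHandler callbackHandler;
    // True only once login() has validated a captcha answer. Starts false so that a
    // commit() without a successful login() never reports success.
    private boolean loginOK = false;

    /**
     * Stores the callback handler, reads the {@code captchaAnswerField} option and resolves
     * the JCaptcha service class named by {@link CaptchaModuleConfig}.
     *
     * @param subj       subject being authenticated (not used by this module)
     * @param cbkHandler handler that will fill the {@link JCaptchaCallback}
     * @param sState     state shared between login modules (not used by this module)
     * @param opts       module options; {@code captchaAnswerField} is optional
     */
    public void initialize(Subject subj, CallbackHandler cbkHandler, Map sState, Map opts) {
        this.callbackHandler = cbkHandler;
        this.loginOK = false;

        captchaAnswerField = (String) opts.get(JCaptchaLoginModule.CAPTCHA_ANSWER_FIELD);
        if (captchaAnswerField == null || captchaAnswerField.equals("")) {
            captchaAnswerField = DEFAULT_CAPTCHA_ANSWER_FIELD;
        }

        String serviceClassName = CaptchaModuleConfig.getInstance().getServiceClass();
        try {
            serviceClass = Class.forName(serviceClassName);
        } catch (ClassNotFoundException e) {
            // Not fatal here: login() uses the service instance supplied by the callback.
            // Log the class name and the cause so the misconfiguration can be diagnosed.
            logger.error(" JCaptcha service class cannot be found: " + serviceClassName, e);
        }
    }

    /**
     * Asks the callback handler for the captcha data and validates the answer.
     *
     * @return {@code true} when the answer is valid; {@code false} when the callback asks
     *         to skip the challenge, so that this module is ignored
     * @throws LoginException (as {@code JCaptchaLoginException}) when no callback handler or
     *         captcha service is available, when the callbacks cannot be handled, when the
     *         service reports an error, or when the answer is not valid
     */
    public boolean login() throws LoginException {
        // Fail closed: every exit path below leaves loginOK false except a validated answer.
        loginOK = false;

        if (callbackHandler == null) {
            throw new JCaptchaLoginException("there is no CallbackHandler to validate  the JCaptcha Answer");
        }

        Callback[] callbacks = new Callback[] { new JCaptchaCallback() };
        String sessionID = null;
        String captchaAnswer = null;

        try {
            callbackHandler.handle(callbacks);
            JCaptchaCallback jcaptchaCallback = (JCaptchaCallback) callbacks[0];
            captchaAnswer = jcaptchaCallback.getCaptchaAnswer();
            sessionID = jcaptchaCallback.getSessionID();
            service = jcaptchaCallback.getCaptchaService();

            // The identifier itself is kept out of the log: if it is the HTTP session id
            // (presumably; confirm against the callback handler), anyone who can read the
            // debug log could reuse it.
            logger.debug("session ID present=" + (sessionID != null));
            logger.debug("service=" + service);

            // NOTE(review): the skip flag bypasses the captcha entirely. It must be set by
            // server-side logic in the callback handler and never copied from a request
            // parameter; confirm against the handler implementation.
            if (jcaptchaCallback.isSkipJCaptchaChallenge()) {
                return false;
            }

            if (service == null) {
                throw new JCaptchaLoginException(" JCaptcha service is null: it has not been properly initialized ");
            }
        } catch (IOException e) {
            // The thrown exception only carries the message, so keep the cause in the log.
            logger.warn("JCaptcha callback handling failed", e);
            throw new JCaptchaLoginException(e.getMessage());
        } catch (UnsupportedCallbackException e) {
            logger.warn("JCaptcha callback is not supported by the CallbackHandler", e);
            throw new JCaptchaLoginException(e.getMessage());
        }

        Boolean valid;
        try {
            valid = service.validateResponseForID(sessionID, captchaAnswer);
        } catch (CaptchaServiceException e) {
            logger.warn(e.getMessage(), e);
            throw new JCaptchaLoginException(" an error has occured in CAPTCHA validation ");
        }

        // A null result is treated as an invalid answer instead of a NullPointerException.
        if (valid == null || !valid.booleanValue()) {
            throw new JCaptchaLoginException(" invalid JCaptcha Answer ");
        }

        loginOK = true;
        return true;
    }

    /**
     * Reports whether this module's own login succeeded.
     *
     * @return {@code true} only when {@link #login()} validated a captcha answer;
     *         {@code false} when it failed, was skipped or was never called
     */
    public boolean commit() throws LoginException {
        return loginOK;
    }

    /**
     * Discards the state of the current authentication attempt.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        resetState();
        return true;
    }

    /**
     * Discards the state kept from the last authentication.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        resetState();
        return true;
    }

    /** Clears per-attempt state so a later commit() cannot reuse an earlier success. */
    private void resetState() {
        loginOK = false;
        service = null;
    }

}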