01 package com.technoetic.xplanner.security.jaas; 02 03 import com.technoetic.xplanner.db.hibernate.ThreadSession; 04 import com.technoetic.xplanner.domain.Person; 05 import com.technoetic.xplanner.security.AuthenticationException; 06 import com.technoetic.xplanner.security.PersonPrincipal; 07 import net.sf.hibernate.Hibernate; 08 import net.sf.hibernate.Session; 09 import org.apache.log4j.Logger; 10 11 import javax.security.auth.Subject; 12 import java.util.Iterator; 13 import java.util.List; 14 15 public class AbstractLoginModule { 16 protected Logger log = Logger.getLogger(getClass()); 17 18 public void populateSubjectPrincipalFromDatabase(Subject subject, String userId) 19 throws AuthenticationException { 20 Person person = getPerson(userId); 21 if (person == null) { 22 throw new AuthenticationException("user " + userId + " not found"); 23 } 24 subject.getPrincipals().add(new PersonPrincipal(person)); 25 26 } 27 28 public Person getPerson(String userId) throws AuthenticationException { 29 try { 30 Session session = ThreadSession.get(); 31 List people = session.find("from person in class " + 32 Person.class.getName() + " where userid = ?", 33 userId, Hibernate.STRING); 34 Iterator peopleIterator = people.iterator(); Rate35 if (peopleIterator.hasNext()) { 36 return (Person)peopleIterator.next(); 37 } else { 38 return null; 39 } 40 } catch (Exception ex) { 41 log.error("error during authentication", ex); 42 throw new AuthenticationException("server error."); 43 } 44 45 } 46 }