1 package org.argeo.cms.auth;
2
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.api.NodeConstants;
import org.argeo.api.security.DataAdminPrincipal;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.naming.LdapAttrs;
import org.argeo.osgi.useradmin.IpaUtils;
import org.osgi.service.useradmin.Authorization;
25
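/**
 * {@link LoginModule} for single-user deployments. No credential is checked:
 * {@link #login()} always succeeds, and {@link #commit()} attaches to the
 * {@link Subject} a user {@link X500Principal}, an {@link ImpliedByPrincipal}
 * for {@link NodeConstants#ROLE_ADMIN}, a {@link DataAdminPrincipal} and a
 * {@link SingleUserAuthorization}. Owning the JVM process therefore amounts
 * to holding these principals; the user name defaults to the {@code user.name}
 * system property unless an earlier module already put one in the shared
 * state.
 * <p>
 * Whatever {@link #commit()} added is recorded so that {@link #abort()} and
 * {@link #logout()} can take it back from the subject, as the JAAS contract
 * expects.
 */
public class SingleUserLoginModule implements LoginModule {
	private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);

	private Subject subject;
	private Map<String, Object> sharedState = null;

	/** Principals this module itself added in {@link #commit()}. */
	private final List<Principal> addedPrincipals = new ArrayList<>();
	/** Authorization this module added as private credential, or null. */
	private Authorization addedAuthorization = null;

	/**
	 * Keeps the subject and the shared state; the callback handler and the
	 * options are not used by this module.
	 */
	@SuppressWarnings("unchecked")
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
		this.sharedState = (Map<String, Object>) sharedState;
	}

	/**
	 * Always succeeds. Publishes the {@code user.name} system property under
	 * {@link CmsAuthUtils#SHARED_STATE_NAME} unless a user name is already
	 * present in the shared state.
	 *
	 * @return always {@code true}
	 */
	@Override
	public boolean login() throws LoginException {
		String username = System.getProperty("user.name");
		if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
		return true;
	}

	/**
	 * Builds the user principal and adds it, together with the admin role and
	 * the data admin principal, to the subject, then adds a
	 * {@link SingleUserAuthorization} to its private credentials.
	 * <p>
	 * If a {@link KerberosPrincipal} is already present, the user DN is derived
	 * from it via {@link IpaUtils#kerberosToDn(String)}. Otherwise the DN is
	 * {@code uid=<username>,dc=<each>,dc=<hostname>,dc=<label>} built from the
	 * local host name.
	 *
	 * @return always {@code true}
	 * @throws LoginException if no user name is available, or if the DN cannot
	 *                        be parsed by {@link X500Principal}
	 */
	@Override
	public boolean commit() throws LoginException {
		X500Principal principal;
		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
		if (kerberosPrincipal != null) {
			LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
			principal = new X500Principal(userDn.toString());
		} else {
			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
			if (username == null)
				throw new LoginException("No username available");
			// "host.example.org" -> ",dc=host,dc=example,dc=org"
			String baseDn = ("." + localHostname()).replaceAll("\\.", ",dc=");
			// escape the value so that a user name containing ',' '+' '=' etc.
			// stays a single RDN value instead of altering the DN structure
			String userRdn = LdapAttrs.uid + "=" + Rdn.escapeValue(username.toString());
			try {
				principal = new X500Principal(userRdn + baseDn);
			} catch (IllegalArgumentException e) {
				// X500Principal rejects a malformed DN with an unchecked
				// exception; callers of a LoginModule expect a LoginException
				LoginException le = new LoginException("Cannot build user DN from " + userRdn + baseDn);
				le.initCause(e);
				throw le;
			}
		}
		Set<Principal> principals = subject.getPrincipals();
		// only remember what this module really added, so that logout() does
		// not remove a principal some other module put there first
		remember(principals, principal);
		remember(principals, new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
		remember(principals, new DataAdminPrincipal());

		Authorization authorization = new SingleUserAuthorization();
		if (subject.getPrivateCredentials().add(authorization))
			addedAuthorization = authorization;

		return true;
	}

	/**
	 * Removes whatever {@link #commit()} may already have added.
	 *
	 * @return always {@code true}
	 */
	@Override
	public boolean abort() throws LoginException {
		release();
		return true;
	}

	/**
	 * Removes the principals and the authorization added by {@link #commit()}
	 * from the subject.
	 *
	 * @return always {@code true}
	 */
	@Override
	public boolean logout() throws LoginException {
		release();
		return true;
	}

	/** Adds {@code p} to {@code principals} and records it if it was new. */
	private void remember(Set<Principal> principals, Principal p) {
		if (principals.add(p))
			addedPrincipals.add(p);
	}

	/**
	 * Takes back from the subject what this module added; a read-only subject
	 * cannot be modified, so only the local bookkeeping is cleared then.
	 */
	private void release() {
		if (subject != null && !subject.isReadOnly()) {
			subject.getPrincipals().removeAll(addedPrincipals);
			if (addedAuthorization != null)
				subject.getPrivateCredentials().remove(addedAuthorization);
		}
		addedPrincipals.clear();
		addedAuthorization = null;
	}

	/**
	 * The local host name, falling back to {@code localhost} (with a warning)
	 * when it cannot be resolved.
	 */
	private static String localHostname() {
		try {
			return InetAddress.getLocalHost().getHostName();
		} catch (UnknownHostException e) {
			log.warn("Using localhost as hostname", e);
			return "localhost";
		}
	}

}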