1 package org.argeo.cms.auth;
2
3 import java.util.Map;
4
5 import javax.security.auth.Subject;
6 import javax.security.auth.callback.CallbackHandler;
7 import javax.security.auth.login.LoginException;
8 import javax.security.auth.spi.LoginModule;
9
10 import org.osgi.service.useradmin.Authorization;
11
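/**
 * JAAS {@link LoginModule} that consumes an OSGi {@link Authorization} placed in the JAAS shared
 * state (under {@link CmsAuthUtils#SHARED_STATE_AUTHORIZATION}) by an earlier module of the stack and
 * hands it to {@link CmsAuthUtils#addAuthentication(Subject, Authorization)}.
 * <p>
 * The module performs no credential check itself: {@link #login()} always reports success and the
 * actual decision is taken in {@link #commit()}, which fails the login when the shared state holds no
 * authorization. It therefore presumably has to be stacked after the module that fills the shared
 * state (confirm against the JAAS configuration). What {@code addAuthentication} attaches to the
 * subject is not visible here; {@link #logout()} removes principals through
 * {@link CmsAuthUtils#cleanUp(Subject)} and clears the private credentials.
 */
public class NodeUserLoginModule implements LoginModule {
	private Subject subject;
	/** Read-only view of the JAAS shared state; only {@link CmsAuthUtils#SHARED_STATE_AUTHORIZATION} is read. */
	private Map<String, ?> sharedState = null;
	/** True once {@link #commit()} has modified the subject, so that {@link #abort()} can undo it. */
	private boolean commitSucceeded = false;

	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
		// callbackHandler and options are not used: this module never prompts for credentials
		this.sharedState = sharedState;
	}

	/**
	 * Always succeeds. Nothing can be verified at this stage: the authorization is only consumed in
	 * {@link #commit()}, once every module of the stack has run its login phase and the shared state
	 * is complete.
	 */
	@Override
	public boolean login() throws LoginException {
		return true;
	}

	/**
	 * Attaches the authorization found in the shared state to the subject.
	 *
	 * @throws LoginException if the module was not initialized, the subject is missing, or the shared
	 *                        state holds no {@link Authorization} under
	 *                        {@link CmsAuthUtils#SHARED_STATE_AUTHORIZATION}
	 */
	@Override
	public boolean commit() throws LoginException {
		if (sharedState == null)
			throw new LoginException("Login module was not initialized");
		if (subject == null)
			throw new LoginException("Subject should not be null");
		Object value = sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
		if (value == null)
			throw new LoginException("Authorization should not be null");
		// A wrongly typed entry is reported as an authentication failure (LoginException) with a
		// meaningful message, instead of surfacing as a ClassCastException from a blind cast.
		if (!(value instanceof Authorization))
			throw new LoginException("Shared state entry " + CmsAuthUtils.SHARED_STATE_AUTHORIZATION
					+ " is not an " + Authorization.class.getName() + " but a " + value.getClass().getName());
		CmsAuthUtils.addAuthentication(subject, (Authorization) value);
		// remember that the subject was modified, so that abort() undoes it if the overall login fails
		commitSucceeded = true;
		return true;
	}

	/**
	 * Undoes a successful {@link #commit()} when the overall login fails afterwards (e.g. another
	 * required module of the stack failed). Without this, a caller-supplied subject would keep the
	 * principals of a login that never completed.
	 */
	@Override
	public boolean abort() throws LoginException {
		if (commitSucceeded && subject != null) {
			// same principal cleanup as logout(), but only the Authorization credentials are removed
			// so that credentials added by other modules are left for those modules to clean up
			CmsAuthUtils.cleanUp(subject);
			subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(Authorization.class));
		}
		cleanUp();
		return true;
	}

	/**
	 * Removes the CMS principals from the subject and clears all of its private credentials.
	 *
	 * @throws LoginException if the subject is missing (e.g. {@link #logout()} called twice)
	 */
	@Override
	public boolean logout() throws LoginException {
		if (subject == null)
			throw new LoginException("Subject should not be null");
		// Clean up principals
		CmsAuthUtils.cleanUp(subject);
		// Clean up private credentials (all of them, not only this module's, as in the original design)
		subject.getPrivateCredentials().clear();
		cleanUp();
		return true;
	}

	/** Drops the per-login state; the module is not usable again until re-initialized. */
	private void cleanUp() {
		subject = null;
		commitSucceeded = false;
	}
}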