org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java

   1 package org.argeo.cms.auth;
   2
   3 import java.net.InetAddress;
   4 import java.net.UnknownHostException;
   5 import java.security.Principal;
   6 import java.util.Locale;
   7 import java.util.Map;
   8 import java.util.Set;
   9
  10 import javax.naming.ldap.LdapName;
  11 import javax.security.auth.Subject;
  12 import javax.security.auth.callback.CallbackHandler;
  13 import javax.security.auth.kerberos.KerberosPrincipal;
  14 import javax.security.auth.login.LoginException;
  15 import javax.security.auth.spi.LoginModule;
  16 import javax.security.auth.x500.X500Principal;
  17 import javax.servlet.http.HttpServletRequest;
  18
  19 import org.apache.commons.logging.Log;
  20 import org.apache.commons.logging.LogFactory;
  21 import org.argeo.api.NodeConstants;
  22 import org.argeo.api.security.DataAdminPrincipal;
  23 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
  24 import org.argeo.naming.LdapAttrs;
  25 import org.argeo.osgi.useradmin.IpaUtils;
  26 import org.osgi.service.useradmin.Authorization;
  27
  28 /** Login module for when the system is owned by a single user. */
  29 public class SingleUserLoginModule implements LoginModule {
  30         private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
  31
  32         private Subject subject;
  33         private Map<String, Object> sharedState = null;
  34
  35         @SuppressWarnings("unchecked")
  36         @Override
  37         public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
  38                         Map<String, ?> options) {
  39                 this.subject = subject;
  40                 this.sharedState = (Map<String, Object>) sharedState;
  41         }
  42
  43         @Override
  44         public boolean login() throws LoginException {
  45                 String username = System.getProperty("user.name");
  46                 if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
  47                         sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
  48                 return true;
  49         }
  50
  51         @Override
  52         public boolean commit() throws LoginException {
  53                 X500Principal principal;
  54                 KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
  55                 if (kerberosPrincipal != null) {
  56                         LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
  57                         principal = new X500Principal(userDn.toString());
  58                 } else {
  59                         Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
  60                         if (username == null)
  61                                 throw new LoginException("No username available");
  62                         String hostname;
  63                         try {
  64                                 hostname = InetAddress.getLocalHost().getHostName();
  65                         } catch (UnknownHostException e) {
  66                                 log.warn("Using localhost as hostname", e);
  67                                 hostname = "localhost";
  68                         }
  69                         String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
  70                         principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
  71                 }
  72                 Set<Principal> principals = subject.getPrincipals();
  73                 principals.add(principal);
  74                 principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
  75                 principals.add(new DataAdminPrincipal());
  76
  77                 HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
  78                 Locale locale = Locale.getDefault();
  79                 if (request != null)
  80                         locale = request.getLocale();
  81                 if (locale == null)
  82                         locale = Locale.getDefault();
  83                 Authorization authorization = new SingleUserAuthorization();
  84                 CmsAuthUtils.addAuthorization(subject, authorization);
  85                 CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
  86
  87                 return true;
  88         }
  89
  90         @Override
  91         public boolean abort() throws LoginException {
  92                 return true;
  93         }
  94
  95         @Override
  96         public boolean logout() throws LoginException {
  97                 CmsAuthUtils.cleanUp(subject);
  98                 return true;
  99         }
 100
 101 }