1 package org
.argeo
.cms
.auth
;
3 import java
.net
.InetAddress
;
4 import java
.net
.UnknownHostException
;
5 import java
.security
.Principal
;
6 import java
.util
.Locale
;
10 import javax
.naming
.ldap
.LdapName
;
11 import javax
.security
.auth
.Subject
;
12 import javax
.security
.auth
.callback
.CallbackHandler
;
13 import javax
.security
.auth
.kerberos
.KerberosPrincipal
;
14 import javax
.security
.auth
.login
.LoginException
;
15 import javax
.security
.auth
.spi
.LoginModule
;
16 import javax
.security
.auth
.x500
.X500Principal
;
17 import javax
.servlet
.http
.HttpServletRequest
;
19 import org
.apache
.commons
.logging
.Log
;
20 import org
.apache
.commons
.logging
.LogFactory
;
21 import org
.argeo
.api
.NodeConstants
;
22 import org
.argeo
.api
.security
.DataAdminPrincipal
;
23 import org
.argeo
.cms
.internal
.auth
.ImpliedByPrincipal
;
24 import org
.argeo
.naming
.LdapAttrs
;
25 import org
.argeo
.osgi
.useradmin
.IpaUtils
;
26 import org
.osgi
.service
.useradmin
.Authorization
;
28 /** Login module for when the system is owned by a single user. */
29 public class SingleUserLoginModule
implements LoginModule
{
/** Logger for this module (commons-logging). */
private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);

// Subject handed over by initialize(); commit() adds principals to it and
// logout() passes it to CmsAuthUtils.cleanUp.
private Subject subject;
// JAAS shared state, kept as a writable map (cast in initialize()) so that
// login() can publish the resolved username under CmsAuthUtils.SHARED_STATE_NAME.
private Map<String, Object> sharedState = null;
/**
 * Stores the JAAS {@link Subject} and shared state for the later phases.
 *
 * <p>The {@code callbackHandler} and {@code options} arguments are accepted to satisfy the
 * {@link LoginModule} contract but are not used: this module never prompts, it takes the
 * user from the shared state or from the JVM's {@code user.name} property instead.
 *
 * @param subject         subject that {@code commit()} will populate with principals
 * @param callbackHandler unused
 * @param sharedState     shared state map, kept as a writable {@code Map<String, Object>}
 *                        (the unchecked cast is the usual JAAS idiom; erasure makes it a no-op
 *                        at runtime)
 * @param options         unused
 */
@Override
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
        Map<String, ?> options) {
    Map<String, Object> writableState = (Map<String, Object>) sharedState;
    this.sharedState = writableState;
    this.subject = subject;
}
/**
 * Resolves the single user's name and publishes it to the shared state.
 *
 * <p>The name is the JVM's {@code user.name} system property, i.e. the OS account running the
 * process. Nothing is verified here (no credential, no callback), which is only acceptable in
 * the deployment this module is meant for: a system owned by a single user, where being able
 * to run the JVM is the authentication. An entry already present under
 * {@code CmsAuthUtils.SHARED_STATE_NAME} (presumably left by an earlier module in the stack)
 * wins and is not overwritten.
 *
 * <p>NOTE(review): the lines following the {@code put} (the method's return value and its
 * closing brace) are not in this extract; the {@link LoginModule} contract requires a
 * {@code boolean} result.
 */
public boolean login() throws LoginException {
    String username = System.getProperty("user.name");
    // Only fill the shared state when no earlier module already did.
    if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
        sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
/**
 * Builds the single user's identity and grants it administrative authority.
 *
 * <p>Two ways of naming the user are visible here: if a {@link KerberosPrincipal} is already
 * attached to the subject it is turned into a DN by {@code IpaUtils.kerberosToDn}; otherwise
 * the username published by {@code login()} is combined with the local hostname into a
 * {@code uid=...,dc=...} DN. In both cases the resulting principal is then made an implied
 * {@code ROLE_ADMIN} and paired with a {@link DataAdminPrincipal}, i.e. this module makes the
 * single user an administrator unconditionally.
 *
 * <p>NOTE(review): several structural lines of the original (the {@code else} opening the
 * non-Kerberos branch, the {@code if} guarding the "No username available" failure, the
 * {@code try} around the hostname lookup, the conditional around the request locale, and the
 * final return and closing braces) are not in this extract; the comments below describe the
 * visible statements only.
 */
public boolean commit() throws LoginException {
    X500Principal principal;
    // Kerberos path: reuse a Kerberos principal already present on the subject.
    KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
    if (kerberosPrincipal != null) {
        LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
        principal = new X500Principal(userDn.toString());
    // Fallback path: username from the shared state (published by login()).
    Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
    // Presumably guarded by a null check on username (guard line not in this extract).
    throw new LoginException("No username available");
    // The local hostname supplies the dc= components of the DN; lookup failure degrades to
    // "localhost" rather than failing the login.
    hostname = InetAddress.getLocalHost().getHostName();
    } catch (UnknownHostException e) {
        log.warn("Using localhost as hostname", e);
        hostname = "localhost";
    // The leading "." makes every label, including the first, start with ",dc=", e.g.
    // "host.example" -> ",dc=host,dc=example".
    String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
    // NOTE(review): neither username nor hostname is RDN-escaped. A value containing DN
    // metacharacters (',', '=', '+', ...) yields a different or malformed DN, and
    // X500Principal(String) rejects malformed input with IllegalArgumentException, which is
    // not a LoginException and so escapes this method's declared contract.
    principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
    Set<Principal> principals = subject.getPrincipals();
    principals.add(principal);
    // Whichever principal was built above is granted admin rights here, with no further check.
    principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
    principals.add(new DataAdminPrincipal());
    // HTTP context, taken from the shared state; presumably absent (null) for non-HTTP logins,
    // so the locale assignments below are expected to be conditional on it (guard lines not
    // in this extract).
    HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
    Locale locale = Locale.getDefault();
    locale = request.getLocale();
    locale = Locale.getDefault();
    Authorization authorization = new SingleUserAuthorization();
    CmsAuthUtils.addAuthorization(subject, authorization);
    CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
91 public boolean abort() throws LoginException
{
96 public boolean logout() throws LoginException
{
97 CmsAuthUtils
.cleanUp(subject
);