Refactor http
index 3ed4856196b65dc18c0b3ca3c7a7b880f0a0c39b..0cbdc7d5b64a18c274271b5ec4a2987699b2fa06 100644 (file)
@@ -4,16 +4,16 @@ import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.Set;
 
-import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
+import javax.servlet.http.HttpServletRequest;
 
 import org.argeo.cms.CmsException;
-import org.argeo.naming.LdapAttrs;
+import org.argeo.osgi.useradmin.IpaUtils;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.useradmin.Authorization;
@@ -22,11 +22,16 @@ import org.osgi.service.useradmin.UserAdmin;
 public class IpaLoginModule implements LoginModule {
        private BundleContext bc;
        private Subject subject;
+       private Map<String, Object> sharedState = null;
+       private CallbackHandler callbackHandler;
 
+       @SuppressWarnings("unchecked")
        @Override
        public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                        Map<String, ?> options) {
                this.subject = subject;
+               this.sharedState = (Map<String, Object>) sharedState;
+               this.callbackHandler = callbackHandler;
                try {
                        bc = FrameworkUtil.getBundle(IpaLoginModule.class).getBundleContext();
                        assert bc != null;
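Review bot: The `@SuppressWarnings("unchecked")` added above `initialize` covers the whole method, while the only unchecked operation is the single cast in `this.sharedState = (Map<String, Object>) sharedState;`; narrowing it to that statement keeps any future unchecked cast in this method visible to the compiler, e.g. `@SuppressWarnings("unchecked") Map<String, Object> shared = (Map<String, Object>) sharedState;` followed by `this.sharedState = shared;`. The explicit `= null` initializer on the new `sharedState` field is redundant for a reference field and can be dropped. `initialize` continues past the end of this hunk, so the rest of its body is not reviewed here.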
@@ -46,10 +51,12 @@ public class IpaLoginModule implements LoginModule {
                Authorization authorization = null;
                Set<KerberosPrincipal> kerberosPrincipals = subject.getPrincipals(KerberosPrincipal.class);
                if (kerberosPrincipals.isEmpty()) {
+                       if(callbackHandler!=null)
+                               throw new LoginException("Cannot be anonymous if callback handler is set");
                        authorization = userAdmin.getAuthorization(null);
                } else {
                        KerberosPrincipal kerberosPrincipal = kerberosPrincipals.iterator().next();
-                       LdapName dn = kerberosToIpa(kerberosPrincipal);
+                       LdapName dn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
                        AuthenticatingUser authenticatingUser = new AuthenticatingUser(dn);
                        authorization = Subject.doAs(subject, new PrivilegedAction<Authorization>() {
 
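Review bot: The new guard in the `kerberosPrincipals.isEmpty()` branch is written unbraced and unspaced (`if(callbackHandler!=null)`), unlike the braced `if`/`else` it sits inside; `if (callbackHandler != null) {` with a closing brace would match the file's style. The reason for refusing the anonymous fallback deserves a why-comment, since it is only implied by the message, e.g. `// a callback handler means the caller attempted an explicit login; never silently downgrade to anonymous` — that reading is inferred, so confirm it. The replacement call `IpaUtils.kerberosToDn(kerberosPrincipal.getName())` drops the `CmsException` the removed `kerberosToIpa` raised for a malformed principal name, and what `kerberosToDn` does on bad input is not visible here. The enclosing method starts and ends outside this hunk.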
@@ -64,24 +71,13 @@ public class IpaLoginModule implements LoginModule {
                if (authorization == null)
                        return false;
                CmsAuthUtils.addAuthentication(subject, authorization);
+               HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+               if (request != null) {
+                       CmsAuthUtils.registerSessionAuthorization(bc, request, subject, authorization);
+               }
                return true;
        }
 
-       private LdapName kerberosToIpa(KerberosPrincipal kerberosPrincipal) {
-               String[] kname = kerberosPrincipal.getName().split("@");
-               String username = kname[0];
-               String[] dcs = kname[1].split("\\.");
-               StringBuilder sb = new StringBuilder();
-               for (String dc : dcs) {
-                       sb.append(',').append(LdapAttrs.dc.name()).append('=').append(dc.toLowerCase());
-               }
-               String dn = LdapAttrs.uid + "=" + username + ",cn=users,cn=accounts" + sb;
-               try {
-                       return new LdapName(dn);
-               } catch (InvalidNameException e) {
-                       throw new CmsException("Badly formatted name for " + kerberosPrincipal + ": " + dn);
-               }
-       }
 
        @Override
        public boolean abort() throws LoginException {
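Review bot: The cast `(HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST)` fails with a `ClassCastException` rather than a `LoginException` if another module stored something else under that key, and with a `NullPointerException` if `initialize` was never called (the field is initialised to null and only assigned there). A type test keeps the failure inside the module's contract: `Object req = sharedState != null ? sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST) : null;` then `if (req instanceof HttpServletRequest) { CmsAuthUtils.registerSessionAuthorization(bc, (HttpServletRequest) req, subject, authorization); }`. Removing `kerberosToIpa` also leaves two consecutive blank lines before `abort`. The enclosing method begins outside this hunk.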
@@ -91,8 +87,7 @@ public class IpaLoginModule implements LoginModule {
 
        @Override
        public boolean logout() throws LoginException {
-               // TODO Auto-generated method stub
-               return false;
+               return CmsAuthUtils.logoutSession(bc, subject);
        }
 
 }
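Review bot: `logout` now returns whatever `CmsAuthUtils.logoutSession(bc, subject)` returns, but nothing in this hunk removes the principals and credentials that `CmsAuthUtils.addAuthentication(subject, authorization)` added on the login path, which the `LoginModule` contract expects `logout` to undo; whether `logoutSession` does that is not visible here. A comment stating the expectation would make this checkable, e.g. `// logoutSession is expected to invalidate the HTTP session and strip the authorization-derived principals from the subject`; if it does not, that cleanup belongs in this method. `bc` is only checked with a plain `assert` in `initialize`, so a failed bundle lookup would presumably surface here as a `NullPointerException` rather than a `LoginException`.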