Add DN to indexed attributes

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java

index 237e074218ededa12e7d61c696adb550f1f1e32c..269f509ed45d665ab4bb1b3dbcccefad21712d42 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -2,8 +2,8 @@ package org.argeo.cms.auth;
  
  import java.io.IOException;
  import java.security.PrivilegedAction;
-import java.util.ArrayList;
  import java.util.Arrays;
+import java.util.HashSet;
  import java.util.List;
  import java.util.Locale;
  import java.util.Map;
@@ -19,7 +19,6 @@ import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.security.auth.kerberos.KerberosPrincipal;
  import javax.security.auth.login.CredentialNotFoundException;
-import javax.security.auth.login.FailedLoginException;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.spi.LoginModule;
  import javax.servlet.http.HttpServletRequest;
@@ -27,7 +26,6 @@ import javax.servlet.http.HttpServletRequest;
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
  import org.argeo.cms.CmsException;
-import org.argeo.eclipse.ui.specific.UiContext;
  import org.argeo.naming.LdapAttrs;
  import org.argeo.osgi.useradmin.IpaUtils;
  import org.osgi.framework.BundleContext;
@@ -43,12 +41,13 @@ public class UserAdminLoginModule implements LoginModule {
         private CallbackHandler callbackHandler;
         private Map<String, Object> sharedState = null;
  
-       private List<String> indexedUserProperties = Arrays
-                       .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() });
+       private List<String> indexedUserProperties = Arrays.asList(
+                       new String[] { LdapAttrs.DN, LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() });
  
         // private state
         private BundleContext bc;
         private User authenticatedUser = null;
+       private Locale locale;
  
         @SuppressWarnings("unchecked")
         @Override
@@ -66,21 +65,7 @@ public class UserAdminLoginModule implements LoginModule {
  
         @Override
         public boolean login() throws LoginException {
-               // Authorization sharedAuth = (Authorization)
-               // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
-               // if (sharedAuth != null) {
-               // if (callbackHandler == null && sharedAuth.getName() != null)
-               // throw new LoginException("Shared authorization should be anonymous");
-               // return false;
-               // }
                 UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
-               if (callbackHandler == null) {// anonymous
-                       // authorization = userAdmin.getAuthorization(null);
-                       // sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION,
-                       // authorization);
-                       return true;
-               }
-
                 final String username;
                 final char[] password;
                 if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
@@ -89,10 +74,6 @@ public class UserAdminLoginModule implements LoginModule {
                         username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
                         password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
                         // // TODO locale?
-                       // // NB: raw user name is used
-                       // AuthenticatingUser authenticatingUser = new
-                       // AuthenticatingUser(username, password);
-                       // authorization = userAdmin.getAuthorization(authenticatingUser);
                 } else {
                         // ask for username and password
                         NameCallback nameCallback = new NameCallback("User");
@@ -107,10 +88,11 @@ public class UserAdminLoginModule implements LoginModule {
                         }
  
                         // i18n
-                       Locale locale = langCallback.getLocale();
+                       locale = langCallback.getLocale();
                         if (locale == null)
                                 locale = Locale.getDefault();
-                       UiContext.setLocale(locale);
+                       // FIXME add it to Subject
+                       // UiContext.setLocale(locale);
  
                         username = nameCallback.getName();
                         if (username == null || username.trim().equals("")) {
@@ -129,7 +111,8 @@ public class UserAdminLoginModule implements LoginModule {
                         return true;// expect Kerberos
                 // throw new FailedLoginException("Invalid credentials");
                 if (!user.hasCredential(null, password))
-                       throw new FailedLoginException("Invalid credentials");
+                       return false;
+               // throw new FailedLoginException("Invalid credentials");
                 authenticatedUser = user;
                 return true;
         }
@@ -173,7 +156,7 @@ public class UserAdminLoginModule implements LoginModule {
                                                 "User admin found no authorization for authenticated user " + authenticatingUser.getName());
                 }
                 // Log and monitor new login
-               CmsAuthUtils.addAuthorization(subject, authorization,
+               CmsAuthUtils.addAuthorization(subject, authorization, locale,
                                 (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST));
                 if (log.isDebugEnabled())
                         log.debug("Logged in to CMS: " + subject);
@@ -187,8 +170,8 @@ public class UserAdminLoginModule implements LoginModule {
  
         @Override
         public boolean logout() throws LoginException {
-               if (log.isDebugEnabled())
-                       log.debug("Logging out from CMS... " + subject);
+               if (log.isTraceEnabled())
+                       log.trace("Logging out from CMS... " + subject);
                 // boolean httpSessionLogoutOk = CmsAuthUtils.logoutSession(bc,
                 // subject);
                 CmsAuthUtils.cleanUp(subject);
@@ -198,7 +181,7 @@ public class UserAdminLoginModule implements LoginModule {
         protected User searchForUser(UserAdmin userAdmin, String providedUsername) {
                 try {
                         // TODO check value null or empty
-                       List<User> collectedUsers = new ArrayList<User>();
+                       Set<User> collectedUsers = new HashSet<>();
                         // try dn
                         User user = null;
                         try {
@@ -215,7 +198,7 @@ public class UserAdminLoginModule implements LoginModule {
                                         collectedUsers.add(user);
                         }
                         if (collectedUsers.size() == 1)
-                               return collectedUsers.get(0);
+                               return collectedUsers.iterator().next();
                         else if (collectedUsers.size() > 1)
                                 log.warn(collectedUsers.size() + " users for provided username" + providedUsername);
                         return null;