]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add DN to indexed attributes
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 52ac0970bf7cbb28c69af37cf283cc25d2e3e26c..269f509ed45d665ab4bb1b3dbcccefad21712d42 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -2,8 +2,8 @@ package org.argeo.cms.auth;
 
 import java.io.IOException;
 import java.security.PrivilegedAction;
-import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -19,7 +19,6 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.login.CredentialNotFoundException;
-import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.HttpServletRequest;
@@ -42,8 +41,8 @@ public class UserAdminLoginModule implements LoginModule {
        private CallbackHandler callbackHandler;
        private Map<String, Object> sharedState = null;
 
-       private List<String> indexedUserProperties = Arrays
-                       .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() });
+       private List<String> indexedUserProperties = Arrays.asList(
+                       new String[] { LdapAttrs.DN, LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() });
 
        // private state
        private BundleContext bc;
@@ -66,21 +65,7 @@ public class UserAdminLoginModule implements LoginModule {
 
        @Override
        public boolean login() throws LoginException {
-               // Authorization sharedAuth = (Authorization)
-               // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
-               // if (sharedAuth != null) {
-               // if (callbackHandler == null && sharedAuth.getName() != null)
-               // throw new LoginException("Shared authorization should be anonymous");
-               // return false;
-               // }
                UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
-               if (callbackHandler == null) {// anonymous
-                       // authorization = userAdmin.getAuthorization(null);
-                       // sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION,
-                       // authorization);
-                       return true;
-               }
-
                final String username;
                final char[] password;
                if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
@@ -89,10 +74,6 @@ public class UserAdminLoginModule implements LoginModule {
                        username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
                        password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
                        // // TODO locale?
-                       // // NB: raw user name is used
-                       // AuthenticatingUser authenticatingUser = new
-                       // AuthenticatingUser(username, password);
-                       // authorization = userAdmin.getAuthorization(authenticatingUser);
                } else {
                        // ask for username and password
                        NameCallback nameCallback = new NameCallback("User");
@@ -130,7 +111,8 @@ public class UserAdminLoginModule implements LoginModule {
                        return true;// expect Kerberos
                // throw new FailedLoginException("Invalid credentials");
                if (!user.hasCredential(null, password))
-                       throw new FailedLoginException("Invalid credentials");
+                       return false;
+               // throw new FailedLoginException("Invalid credentials");
                authenticatedUser = user;
                return true;
        }
@@ -199,7 +181,7 @@ public class UserAdminLoginModule implements LoginModule {
        protected User searchForUser(UserAdmin userAdmin, String providedUsername) {
                try {
                        // TODO check value null or empty
-                       List<User> collectedUsers = new ArrayList<User>();
+                       Set<User> collectedUsers = new HashSet<>();
                        // try dn
                        User user = null;
                        try {
@@ -216,7 +198,7 @@ public class UserAdminLoginModule implements LoginModule {
                                        collectedUsers.add(user);
                        }
                        if (collectedUsers.size() == 1)
-                               return collectedUsers.get(0);
+                               return collectedUsers.iterator().next();
                        else if (collectedUsers.size() > 1)
                                log.warn(collectedUsers.size() + " users for provided username" + providedUsername);
                        return null;
Argeo Commons - Lightweight integration framework in pure Java/OSGi