]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add variables to RCP's Dummy RWT
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index e9938763927bc57b1e1e39ed549820e0c9a60c2d..4862c57ac03a0faf0ddc5cb0e4f14f2e298f2562 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -27,11 +27,15 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.naming.LdapAttrs;
+import org.argeo.node.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.IpaUtils;
+import org.argeo.osgi.useradmin.OsUserUtils;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.ServiceReference;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
@@ -53,6 +57,8 @@ public class UserAdminLoginModule implements LoginModule {
 
        private Authorization bindAuthorization = null;
 
+       private boolean singleUser = Activator.isSingleUser();
+
        @SuppressWarnings("unchecked")
        @Override
        public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
@@ -69,7 +75,7 @@ public class UserAdminLoginModule implements LoginModule {
 
        @Override
        public boolean login() throws LoginException {
-               UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
+               UserAdmin userAdmin = Activator.getUserAdmin();
                final String username;
                final char[] password;
                X509Certificate[] certificateChain = null;
@@ -85,7 +91,11 @@ public class UserAdminLoginModule implements LoginModule {
                        username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
                        certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
                        password = null;
+               } else if (singleUser) {
+                       username = OsUserUtils.getOsUsername();
+                       password = null;
                } else {
+
                        // ask for username and password
                        NameCallback nameCallback = new NameCallback("User");
                        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
@@ -114,6 +124,8 @@ public class UserAdminLoginModule implements LoginModule {
                                password = passwordCallback.getPassword();
                        else
                                throw new CredentialNotFoundException("No credentials provided");
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
                }
                User user = searchForUser(userAdmin, username);
                if (user == null)
@@ -141,8 +153,11 @@ public class UserAdminLoginModule implements LoginModule {
                        }
                } else if (certificateChain != null) {
                        // TODO check CRLs/OSCP validity?
-                       // NB: authorization in commit() will work only if an LDAP connection password is provided
-               }else {
+                       // NB: authorization in commit() will work only if an LDAP connection password
+                       // is provided
+               } else if (singleUser) {
+                       // TODO verify IP address?
+               } else {
                        throw new CredentialNotFoundException("No credentials provided");
                }
 
@@ -152,7 +167,15 @@ public class UserAdminLoginModule implements LoginModule {
 
        @Override
        public boolean commit() throws LoginException {
-               UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
+               if (locale == null)
+                       subject.getPublicCredentials().add(Locale.getDefault());
+               else
+                       subject.getPublicCredentials().add(locale);
+
+               if (singleUser) {
+                       OsUserUtils.loginAsSystemUser(subject);
+               }
+               UserAdmin userAdmin = Activator.getUserAdmin();
                Authorization authorization;
                if (callbackHandler == null) {// anonymous
                        authorization = userAdmin.getAuthorization(null);
@@ -190,9 +213,38 @@ public class UserAdminLoginModule implements LoginModule {
                                throw new LoginException(
                                                "User admin found no authorization for authenticated user " + authenticatingUser.getName());
                }
+
                // Log and monitor new login
-               CmsAuthUtils.addAuthorization(subject, authorization, locale,
-                               (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST));
+               HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+               CmsAuthUtils.addAuthorization(subject, authorization, locale, request);
+
+               // Unlock keyring (underlying login to the JCR repository)
+               char[] password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
+               if (password != null) {
+                       ServiceReference<CryptoKeyring> keyringSr = bc.getServiceReference(CryptoKeyring.class);
+                       if (keyringSr != null) {
+                               CryptoKeyring keyring = bc.getService(keyringSr);
+                               Subject.doAs(subject, new PrivilegedAction<Void>() {
+
+                                       @Override
+                                       public Void run() {
+                                               try {
+                                                       keyring.unlock(password);
+                                               } catch (Exception e) {
+                                                       e.printStackTrace();
+                                                       log.warn("Could not unlock keyring with the password provided by " + authorization.getName()
+                                                                       + ": " + e.getMessage());
+                                               }
+                                               return null;
+                                       }
+
+                               });
+                       }
+               }
+
+               // Register CmsSession with initial subject
+               CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
+
                if (log.isDebugEnabled())
                        log.debug("Logged in to CMS: " + subject);
                return true;
Argeo Commons - Lightweight integration framework in pure Java/OSGi