Work on servlet security integration.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
index 6a3ac97dfa76dfac6bd955edee1ef256790cdef2..54d328cc9787d329aa31ffc6512f3c4fa2036075 100644 (file)
@@ -27,11 +27,11 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.CryptoKeyring;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.naming.LdapAttrs;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.IpaUtils;
 import org.argeo.osgi.useradmin.OsUserUtils;
@@ -44,6 +44,10 @@ import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
+/**
+ * Use the {@link UserAdmin} in the OSGi registry as the basis for
+ * authentication.
+ */
 public class UserAdminLoginModule implements LoginModule {
        private final static Log log = LogFactory.getLog(UserAdminLoginModule.class);
 
@@ -224,7 +228,7 @@ public class UserAdminLoginModule implements LoginModule {
                                if (authenticatedUser == null) {
                                        if (log.isTraceEnabled())
                                                log.trace("Neither kerberos nor user admin login succeeded. Login failed.");
-                                       return false;
+                                       throw new CredentialNotFoundException("Bad credentials.");
                                } else {
                                        authenticatingUser = authenticatedUser;
                                }
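Review bot: `CredentialNotFoundException` on the added line tells callers that no credential was supplied, but the trace message just above says this branch is reached when both the Kerberos and the user admin login were rejected. JAAS provides `FailedLoginException` for that case, so `throw new FailedLoginException("Bad credentials.");` would describe the failure accurately while keeping the generic message that does not reveal whether the account exists. The rejection is also logged only at trace level, so failed logins will not appear in normal logs; consider a higher-level or audit entry that names the attempted user but never the password. The enclosing method starts and ends outside the hunk, and the import for the exception type is not visible here.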
@@ -354,7 +358,9 @@ public class UserAdminLoginModule implements LoginModule {
 //                             return null;
 //                     }
 //             }
-               Authorization auth = userAdmin.getAuthorization(tokenGroup);
+               String userDn = TokenUtils.userDn(tokenGroup);
+               User user = (User) userAdmin.getRole(userDn);
+               Authorization auth = userAdmin.getAuthorization(user);
                return auth;
        }
 }
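Review bot: The result of `userAdmin.getRole(userDn)` is cast and handed to `getAuthorization` without any check. `getRole` returns null when no role with that name exists, and OSGi's `UserAdmin.getAuthorization(null)` builds an authorization for the anonymous user instead of failing, so a token whose user has been removed would still yield an `Authorization`. The cast also throws `ClassCastException` if the name resolves to a role that is not a `User`. I would resolve into a `Role` first and guard it, `Role role = userAdmin.getRole(userDn);` followed by `if (!(role instanceof User)) return null;`, before calling `getAuthorization((User) role)`. The commented-out code above suggests null is this method's failure result, but the method starts outside the hunk and its caller is not visible, so confirm how null is handled.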