import static org.argeo.api.acr.ldap.LdapAttr.cn;
import java.io.IOException;
+import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashSet;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState = null;
- private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(),
- LdapAttr.uid.name(), LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
+ private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(), LdapAttr.uid.name(),
+ LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
// private state
// private BundleContext bc;
username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
password = null;
preauth = true;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {
+ // single user, we assume Kerberos or other mean for commit
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
+ password = null;
+ preauth = true;
} else {
// ask for username and password
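Review bot: The new `SHARED_STATE_OS_USERNAME` branch sets `preauth = true` with a null password purely because the key is present, and the cast result is never checked, so a null or empty value would be carried forward as a pre-authenticated username. I would read the value first and only take this branch when it is a non-empty `String`, falling through to the callback path otherwise. The comment `// single user, we assume Kerberos or other mean for commit` should also name the login module expected to populate this key and state that this module must be stacked after it, since that ordering is the only thing making the value trustworthy. The enclosing method starts and ends outside the visible lines, so how `preauth` is consumed later cannot be confirmed from here.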
return true;// expect Kerberos
if (password != null) {
- // TODO disabling bind for the time being,
+ // TODO disabling bind for the time being,
// as it requires authorisations to be set at LDAP level
boolean tryBind = false;
// try bind first
// }
UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin();
Authorization authorization;
- if (callbackHandler == null) {// anonymous
+ if (callbackHandler == null && !sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {// anonymous
authorization = userAdmin.getAuthorization(null);
} else if (bindAuthorization != null) {// bind
authorization = bindAuthorization;
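Review bot: The changed anonymous test uses `containsKey`, so a `SHARED_STATE_OS_USERNAME` entry mapped to null still skips the anonymous branch and continues to the authorization lookup further down, which is not visible in this hunk. Testing the value rather than the key would close that gap, for example `if (callbackHandler == null && !(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME) instanceof String)) {// anonymous`. This also assumes `sharedState` is non-null at this point; the field is initialised to `null` in the declaration shown earlier, so a short comment stating where it is set would help. A one-line comment explaining why a null `callbackHandler` with an OS username is not anonymous would make the intent clear to the next reader.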
// Register CmsSession with initial subject
CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
- if (log.isDebugEnabled())
- log.debug("Logged in to CMS: " + subject);
+ if (log.isDebugEnabled()) {
+ StringBuilder msg = new StringBuilder();
+ msg.append("Logged in to CMS: '" + authorization + "' (" + authorization.getName() + ")\n");
+ if (log.isTraceEnabled()) {
+ for (Principal principal : subject.getPrincipals()) {
+ msg.append(" Principal: " + principal.getName()).append(" (")
+ .append(principal.getClass().getSimpleName()).append(")\n");
+ }
+ for (Object credential : subject.getPublicCredentials()) {
+ msg.append(" Public Credential: " + credential).append(" (")
+ .append(credential.getClass().getSimpleName()).append(")\n");
+ }
+ }
+ log.debug(msg);
+ }
+// if (log.isTraceEnabled())
+// log.trace(" Subject: " + subject);
return true;
}
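Review bot: The new debug/trace message concatenates `authorization.getName()`, each `principal.getName()` and the `toString()` of every public credential into one multi-line string, and those values come from the directory or the authenticating party. A name containing CR/LF could forge extra log lines in this `\n`-delimited block, and credential objects may print more than is wanted in a log file. I would replace line breaks in each value before appending it, log the credential's class name rather than its full `toString()`, and emit one log call per principal instead of building a multi-line message. The commented-out `log.trace(" Subject: " + subject)` lines at the end can be deleted rather than committed.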