X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=cfffb6eea74e43a50dde96ff3e87e0288beb82b3;hb=091d43fef5f8e88c7081340138eb1bb33c5862a2;hp=4b36f28abb90f927df087b743f81c09852241319;hpb=e4a5502f49e2a2c35d16bbc96efdffead1362a76;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java index 4b36f28ab..cfffb6eea 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java @@ -7,6 +7,7 @@ import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.login.CredentialException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.security.auth.x500.X500Principal; @@ -35,8 +36,12 @@ public class SingleUserLoginModule implements LoginModule { @Override public boolean login() throws LoginException { String username = System.getProperty("user.name"); - if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) - sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username); + if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME) + && !username.equals(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME))) + throw new CredentialException( + "OS username already set with " + sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME)); + if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) + sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username); return true; } @@ -49,7 +54,7 @@ public class SingleUserLoginModule implements LoginModule { X500Principal principal = new X500Principal(userDn.toString()); authorizationName = principal.getName(); } else { - Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); + Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME); if (username == null) throw new LoginException("No username available"); String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname(); @@ -64,8 +69,14 @@ public class SingleUserLoginModule implements LoginModule { locale = request.getLocale(); if (locale == null) locale = Locale.getDefault(); - Authorization authorization = new SingleUserAuthorization(authorizationName); - CmsAuthUtils.addAuthorization(subject, authorization); + + Authorization authorization = null; + if (kerberosPrincipal != null) { + authorization = new SingleUserAuthorization(authorizationName); + CmsAuthUtils.addAuthorization(subject, authorization); + } else { + // next step with user admin will properly populate + } // Add standard Java OS login OsUserUtils.loginAsSystemUser(subject); @@ -76,7 +87,8 @@ public class SingleUserLoginModule implements LoginModule { // principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal)); // principals.add(new DataAdminPrincipal()); - CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale); + if (authorization != null) + CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale); return true; }