X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=4d2cc33390183f406a8fd1a71b2552ae479936d5;hb=12a285bfc5d33b64e39a1083a24b5d65515acf52;hp=9b65f22ff33e57cce6247e0efd8541ccdc1702d8;hpb=0dfcfef53a629cf38bade4f8605c5b7e507c7436;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java index 9b65f22ff..4d2cc3339 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java @@ -1,43 +1,74 @@ package org.argeo.cms.auth; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.security.Principal; import java.util.Map; import java.util.Set; +import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.security.auth.x500.X500Principal; -import org.apache.jackrabbit.core.security.SecurityConstants; -import org.apache.jackrabbit.core.security.principal.AdminPrincipal; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.naming.LdapAttrs; +import org.argeo.node.NodeConstants; +import org.argeo.node.security.DataAdminPrincipal; +import org.argeo.osgi.useradmin.IpaUtils; + +public class SingleUserLoginModule implements LoginModule { + private final static Log log = LogFactory.getLog(SingleUserLoginModule.class); -public class SingleUserLoginModule implements LoginModule, AuthConstants { private Subject subject; + private Map sharedState = null; + @SuppressWarnings("unchecked") @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, + Map options) { this.subject = subject; + this.sharedState = (Map) sharedState; } @Override public boolean login() throws LoginException { + String username = System.getProperty("user.name"); + if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) + sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username); return true; } @Override public boolean commit() throws LoginException { - String username = System.getProperty("user.name"); - X500Principal principal = new X500Principal("uid=" + username - + ",dc=localhost,dc=localdomain"); + X500Principal principal; + KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class); + if (kerberosPrincipal != null) { + LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName()); + principal = new X500Principal(userDn.toString()); + } else { + Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); + if (username == null) + throw new LoginException("No username available"); + String hostname; + try { + hostname = InetAddress.getLocalHost().getHostName(); + } catch (UnknownHostException e) { + log.warn("Using localhost as hostname", e); + hostname = "localhost"; + } + String baseDn = ("." + hostname).replaceAll("\\.", ",dc="); + principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn); + } Set principals = subject.getPrincipals(); principals.add(principal); - principals.add(new ImpliedByPrincipal(ROLE_ADMIN, principal)); - // Jackrabbit - principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID)); + principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal)); + principals.add(new DataAdminPrincipal()); return true; }