X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=0d8f8d62933847ee7e8e59189db0d75330ef22a6;hb=e872c7092361231a25bb2f1e1bfa078751d06dc9;hp=092a06b7778e8bd6ecbcff7b53293ce3494a36b2;hpb=52a45835da8cd816ac2e2b22ee9b84101fe8fb06;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index 092a06b77..0d8f8d629 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -1,6 +1,6 @@ package org.argeo.cms.auth; -import static org.argeo.naming.LdapAttrs.cn; +import static org.argeo.util.naming.LdapAttrs.cn; import java.io.IOException; import java.security.PrivilegedAction; @@ -23,17 +23,15 @@ import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.CredentialNotFoundException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.api.NodeConstants; -import org.argeo.api.security.CryptoKeyring; -import org.argeo.cms.internal.kernel.Activator; -import org.argeo.naming.LdapAttrs; + +import org.argeo.api.cms.CmsConstants; +import org.argeo.api.cms.CmsLog; +import org.argeo.cms.internal.runtime.CmsContextImpl; +import org.argeo.cms.security.CryptoKeyring; import org.argeo.osgi.useradmin.AuthenticatingUser; -import org.argeo.osgi.useradmin.IpaUtils; import org.argeo.osgi.useradmin.TokenUtils; +import org.argeo.util.directory.ldap.IpaUtils; +import org.argeo.util.naming.LdapAttrs; import org.osgi.framework.BundleContext; import org.osgi.framework.FrameworkUtil; import org.osgi.framework.ServiceReference; @@ -47,14 +45,14 @@ import org.osgi.service.useradmin.UserAdmin; * authentication. */ public class UserAdminLoginModule implements LoginModule { - private final static Log log = LogFactory.getLog(UserAdminLoginModule.class); + private final static CmsLog log = CmsLog.getLog(UserAdminLoginModule.class); private Subject subject; private CallbackHandler callbackHandler; private Map sharedState = null; - private List indexedUserProperties = Arrays - .asList(new String[] { LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() }); + private List indexedUserProperties = Arrays.asList(new String[] { LdapAttrs.mail.name(), + LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() }); // private state private BundleContext bc; @@ -81,7 +79,7 @@ public class UserAdminLoginModule implements LoginModule { @Override public boolean login() throws LoginException { - UserAdmin userAdmin = Activator.getUserAdmin(); + UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin(); final String username; final char[] password; Object certificateChain = null; @@ -213,7 +211,7 @@ public class UserAdminLoginModule implements LoginModule { // if (singleUser) { // OsUserUtils.loginAsSystemUser(subject); // } - UserAdmin userAdmin = Activator.getUserAdmin(); + UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin(); Authorization authorization; if (callbackHandler == null) {// anonymous authorization = userAdmin.getAuthorization(null); @@ -238,6 +236,8 @@ public class UserAdminLoginModule implements LoginModule { throw new LoginException("Kerberos login " + authenticatingUser.getName() + " is inconsistent with user admin login " + authenticatedUser.getName()); } + if (log.isTraceEnabled()) + log.trace("Retrieve authorization for " + authenticatingUser + "... "); authorization = Subject.doAs(subject, new PrivilegedAction() { @Override @@ -253,7 +253,7 @@ public class UserAdminLoginModule implements LoginModule { } // Log and monitor new login - HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST); + RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST); CmsAuthUtils.addAuthorization(subject, authorization); // Unlock keyring (underlying login to the JCR repository) @@ -338,7 +338,7 @@ public class UserAdminLoginModule implements LoginModule { } protected Group searchForToken(UserAdmin userAdmin, String token) { - String dn = cn + "=" + token + "," + NodeConstants.TOKENS_BASEDN; + String dn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN; Group tokenGroup = (Group) userAdmin.getRole(dn); return tokenGroup; }