X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=269f509ed45d665ab4bb1b3dbcccefad21712d42;hb=12a285bfc5d33b64e39a1083a24b5d65515acf52;hp=237e074218ededa12e7d61c696adb550f1f1e32c;hpb=34ba1b915e1d406f6574c0be93e1e9da3eab1978;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index 237e07421..269f509ed 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -2,8 +2,8 @@ package org.argeo.cms.auth; import java.io.IOException; import java.security.PrivilegedAction; -import java.util.ArrayList; import java.util.Arrays; +import java.util.HashSet; import java.util.List; import java.util.Locale; import java.util.Map; @@ -19,7 +19,6 @@ import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.CredentialNotFoundException; -import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.servlet.http.HttpServletRequest; @@ -27,7 +26,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.naming.LdapAttrs; import org.argeo.osgi.useradmin.IpaUtils; import org.osgi.framework.BundleContext; @@ -43,12 +41,13 @@ public class UserAdminLoginModule implements LoginModule { private CallbackHandler callbackHandler; private Map sharedState = null; - private List indexedUserProperties = Arrays - .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() }); + private List indexedUserProperties = Arrays.asList( + new String[] { LdapAttrs.DN, LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() }); // private state private BundleContext bc; private User authenticatedUser = null; + private Locale locale; @SuppressWarnings("unchecked") @Override @@ -66,21 +65,7 @@ public class UserAdminLoginModule implements LoginModule { @Override public boolean login() throws LoginException { - // Authorization sharedAuth = (Authorization) - // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION); - // if (sharedAuth != null) { - // if (callbackHandler == null && sharedAuth.getName() != null) - // throw new LoginException("Shared authorization should be anonymous"); - // return false; - // } UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class)); - if (callbackHandler == null) {// anonymous - // authorization = userAdmin.getAuthorization(null); - // sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, - // authorization); - return true; - } - final String username; final char[] password; if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME) @@ -89,10 +74,6 @@ public class UserAdminLoginModule implements LoginModule { username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD); // // TODO locale? - // // NB: raw user name is used - // AuthenticatingUser authenticatingUser = new - // AuthenticatingUser(username, password); - // authorization = userAdmin.getAuthorization(authenticatingUser); } else { // ask for username and password NameCallback nameCallback = new NameCallback("User"); @@ -107,10 +88,11 @@ public class UserAdminLoginModule implements LoginModule { } // i18n - Locale locale = langCallback.getLocale(); + locale = langCallback.getLocale(); if (locale == null) locale = Locale.getDefault(); - UiContext.setLocale(locale); + // FIXME add it to Subject + // UiContext.setLocale(locale); username = nameCallback.getName(); if (username == null || username.trim().equals("")) { @@ -129,7 +111,8 @@ public class UserAdminLoginModule implements LoginModule { return true;// expect Kerberos // throw new FailedLoginException("Invalid credentials"); if (!user.hasCredential(null, password)) - throw new FailedLoginException("Invalid credentials"); + return false; + // throw new FailedLoginException("Invalid credentials"); authenticatedUser = user; return true; } @@ -173,7 +156,7 @@ public class UserAdminLoginModule implements LoginModule { "User admin found no authorization for authenticated user " + authenticatingUser.getName()); } // Log and monitor new login - CmsAuthUtils.addAuthorization(subject, authorization, + CmsAuthUtils.addAuthorization(subject, authorization, locale, (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST)); if (log.isDebugEnabled()) log.debug("Logged in to CMS: " + subject); @@ -187,8 +170,8 @@ public class UserAdminLoginModule implements LoginModule { @Override public boolean logout() throws LoginException { - if (log.isDebugEnabled()) - log.debug("Logging out from CMS... " + subject); + if (log.isTraceEnabled()) + log.trace("Logging out from CMS... " + subject); // boolean httpSessionLogoutOk = CmsAuthUtils.logoutSession(bc, // subject); CmsAuthUtils.cleanUp(subject); @@ -198,7 +181,7 @@ public class UserAdminLoginModule implements LoginModule { protected User searchForUser(UserAdmin userAdmin, String providedUsername) { try { // TODO check value null or empty - List collectedUsers = new ArrayList(); + Set collectedUsers = new HashSet<>(); // try dn User user = null; try { @@ -215,7 +198,7 @@ public class UserAdminLoginModule implements LoginModule { collectedUsers.add(user); } if (collectedUsers.size() == 1) - return collectedUsers.get(0); + return collectedUsers.iterator().next(); else if (collectedUsers.size() > 1) log.warn(collectedUsers.size() + " users for provided username" + providedUsername); return null;