X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=54d328cc9787d329aa31ffc6512f3c4fa2036075;hb=9e220ea5f945806f9fd8ef9f60ac7cf7b4b1edd1;hp=7297513c2849afe1ab98a2af95ef83691a27df48;hpb=31d7eccd2b0effdadaaa5b6349e5b6b6ea753e3c;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 7297513c2..54d328cc9 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -27,11 +27,11 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.CryptoKeyring;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.naming.LdapAttrs;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.IpaUtils;
 import org.argeo.osgi.useradmin.OsUserUtils;
@@ -44,6 +44,10 @@ import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
+/**
+ * Use the {@link UserAdmin} in the OSGi registry as the basis for
+ * authentication.
+ */
 public class UserAdminLoginModule implements LoginModule {
 private final static Log log = LogFactory.getLog(UserAdminLoginModule.class);
@@ -83,6 +87,7 @@ public class UserAdminLoginModule implements LoginModule {
 final String username;
 final char[] password;
 Object certificateChain = null;
+ boolean preauth = false;
 if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME) && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
 // NB: required by Basic http auth
@@ -103,6 +108,12 @@ public class UserAdminLoginModule implements LoginModule {
 username = certDn;
 certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 password = null;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_ADDR)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_PORT)) {// ident
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ password = null;
+ preauth = true;
 } else if (singleUser) {
 username = OsUserUtils.getOsUsername();
 password = null;
@@ -184,6 +195,8 @@ public class UserAdminLoginModule implements LoginModule {
 // is provided
 } else if (singleUser) {
 // TODO verify IP address?
+ } else if (preauth) {
+ // ident
 } else {
 throw new CredentialNotFoundException("No credentials provided");
 }
@@ -215,7 +228,7 @@ public class UserAdminLoginModule implements LoginModule {
 if (authenticatedUser == null) {
 if (log.isTraceEnabled()) log.trace("Neither kerberos nor user admin login succeeded. Login failed.");
- return false;
+ throw new CredentialNotFoundException("Bad credentials.");
 } else {
 authenticatingUser = authenticatedUser;
 }
@@ -243,7 +256,7 @@ public class UserAdminLoginModule implements LoginModule {
 // Log and monitor new login
 HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
- CmsAuthUtils.addAuthorization(subject, authorization, locale, request);
+ CmsAuthUtils.addAuthorization(subject, authorization);
 // Unlock keyring (underlying login to the JCR repository)
 char[] password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
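Review bot: The new `ident` branch sets `preauth = true` on nothing more than the presence of `SHARED_STATE_NAME`, `SHARED_STATE_REMOTE_ADDR` and `SHARED_STATE_REMOTE_PORT` in the shared state, and the matching `else if (preauth)` branch in the @@ -184 hunk is an empty body that skips the `CredentialNotFoundException` (the flag itself is declared in the @@ -83 hunk). Nothing visible in these hunks checks that the name was established by a trusted earlier module, so if any other module or filter stores the remote address and port for ordinary requests (not shown here), a request carrying only a name would be accepted without a credential. Ident answers are only as trustworthy as the remote host, so the branch should be gated on an explicit marker set by the ident module, or on a verified local address, rather than on key presence. At minimum the empty branch deserves a comment stating the trust assumption, for example `// preauth: identity was asserted by the ident login module; no credential is checked here`. The enclosing method starts and ends outside these hunks.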
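Review bot: In the @@ -215 hunk, `CredentialNotFoundException("Bad credentials.")` reports rejected credentials with the exception type meant for absent ones; `javax.security.auth.login.FailedLoginException` is the standard JAAS type for a failed check and lets callers tell the two cases apart, e.g. `throw new FailedLoginException("Bad credentials.");` (it needs an import if the file does not already have one). The failure is also only written at trace level in the context lines above, so a rejected login leaves nothing in a normal log configuration; logging it at a higher level with the username, never the password, would support detection of repeated guessing. The enclosing method starts and ends outside the hunk.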
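Review bot: In the @@ -243 hunk, after the `locale` and `request` arguments are dropped, the context lines still carry the comment `// Log and monitor new login` and still read `request` from the shared state. If nothing further down uses `request` (the method continues outside the hunk), both the local and the comment are stale and should be removed. If `addAuthorization` previously used the request to record the login, it is worth confirming that the login is still recorded somewhere together with its remote address, since the comment suggests that was the intent.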
@@ -345,7 +358,9 @@ public class UserAdminLoginModule implements LoginModule {
 // return null;
 // }
 // }
- Authorization auth = userAdmin.getAuthorization(tokenGroup);
+ String userDn = TokenUtils.userDn(tokenGroup);
+ User user = (User) userAdmin.getRole(userDn);
+ Authorization auth = userAdmin.getAuthorization(user);
 return auth;
 }
 }
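Review bot: `userAdmin.getRole(userDn)` returns `null` when no role has that name, and the result is cast and passed straight to `getAuthorization(user)`. Under the OSGi UserAdmin contract a `null` user yields the authorization of the anonymous user, so a token whose user has been removed, or for which `TokenUtils.userDn` yields nothing usable, would not fail at this point. I would check the lookup before the cast, along the lines of `if (!(userAdmin.getRole(userDn) instanceof User))`, and reject the token in whatever way this method signals failure; that also avoids a `ClassCastException` on a role that is not a user. The method's start is outside the hunk, so its failure convention is not visible here.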