org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java

   1 package org.argeo.cms.auth;
   2
   3 import java.net.InetAddress;
   4 import java.net.UnknownHostException;
   5 import java.util.Locale;
   6 import java.util.Map;
   7
   8 import javax.naming.ldap.LdapName;
   9 import javax.security.auth.Subject;
  10 import javax.security.auth.callback.CallbackHandler;
  11 import javax.security.auth.kerberos.KerberosPrincipal;
  12 import javax.security.auth.login.LoginException;
  13 import javax.security.auth.spi.LoginModule;
  14 import javax.security.auth.x500.X500Principal;
  15 import javax.servlet.http.HttpServletRequest;
  16
  17 import org.apache.commons.logging.Log;
  18 import org.apache.commons.logging.LogFactory;
  19 import org.argeo.naming.LdapAttrs;
  20 import org.argeo.osgi.useradmin.IpaUtils;
  21 import org.argeo.osgi.useradmin.OsUserUtils;
  22 import org.osgi.service.useradmin.Authorization;
  23
  24 /** Login module for when the system is owned by a single user. */
  25 public class SingleUserLoginModule implements LoginModule {
  26         private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
  27
  28         private Subject subject;
  29         private Map<String, Object> sharedState = null;
  30
  31         @SuppressWarnings("unchecked")
  32         @Override
  33         public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
  34                         Map<String, ?> options) {
  35                 this.subject = subject;
  36                 this.sharedState = (Map<String, Object>) sharedState;
  37         }
  38
  39         @Override
  40         public boolean login() throws LoginException {
  41                 String username = System.getProperty("user.name");
  42                 if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
  43                         sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
  44                 return true;
  45         }
  46
  47         @Override
  48         public boolean commit() throws LoginException {
  49                 String authorizationName;
  50                 KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
  51                 if (kerberosPrincipal != null) {
  52                         LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
  53                         X500Principal principal = new X500Principal(userDn.toString());
  54                         authorizationName = principal.getName();
  55                 } else {
  56                         Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
  57                         if (username == null)
  58                                 throw new LoginException("No username available");
  59                         String hostname;
  60                         try {
  61                                 hostname = InetAddress.getLocalHost().getHostName();
  62                         } catch (UnknownHostException e) {
  63                                 log.warn("Using localhost as hostname", e);
  64                                 hostname = "localhost";
  65                         }
  66                         String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
  67                         X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
  68                         authorizationName = principal.getName();
  69                 }
  70
  71                 HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
  72                 Locale locale = Locale.getDefault();
  73                 if (request != null)
  74                         locale = request.getLocale();
  75                 if (locale == null)
  76                         locale = Locale.getDefault();
  77                 Authorization authorization = new SingleUserAuthorization(authorizationName);
  78                 CmsAuthUtils.addAuthorization(subject, authorization);
  79
  80                 // Add standard Java OS login
  81                 OsUserUtils.loginAsSystemUser(subject);
  82
  83                 // additional principals (must be after Authorization registration)
  84 //              Set<Principal> principals = subject.getPrincipals();
  85 //              principals.add(principal);
  86 //              principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
  87 //              principals.add(new DataAdminPrincipal());
  88
  89                 CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
  90
  91                 return true;
  92         }
  93
  94         @Override
  95         public boolean abort() throws LoginException {
  96                 return true;
  97         }
  98
  99         @Override
 100         public boolean logout() throws LoginException {
 101                 CmsAuthUtils.cleanUp(subject);
 102                 return true;
 103         }
 104
 105 }