]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make tree view more robust
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SingleUserLoginModule.java
1 package org.argeo.cms.auth;
2
3 import java.util.Locale;
4 import java.util.Map;
5
6 import javax.naming.ldap.LdapName;
7 import javax.security.auth.Subject;
8 import javax.security.auth.callback.CallbackHandler;
9 import javax.security.auth.kerberos.KerberosPrincipal;
10 import javax.security.auth.login.LoginException;
11 import javax.security.auth.spi.LoginModule;
12 import javax.security.auth.x500.X500Principal;
13
14 import org.argeo.cms.internal.runtime.CmsContextImpl;
15 import org.argeo.osgi.useradmin.OsUserUtils;
16 import org.argeo.util.directory.ldap.IpaUtils;
17 import org.argeo.util.naming.LdapAttrs;
18 import org.osgi.service.useradmin.Authorization;
19
20 /** Login module for when the system is owned by a single user. */
21 public class SingleUserLoginModule implements LoginModule {
22 // private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
23
24 private Subject subject;
25 private Map<String, Object> sharedState = null;
26
27 @SuppressWarnings("unchecked")
28 @Override
29 public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
30 Map<String, ?> options) {
31 this.subject = subject;
32 this.sharedState = (Map<String, Object>) sharedState;
33 }
34
35 @Override
36 public boolean login() throws LoginException {
37 String username = System.getProperty("user.name");
38 if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
39 sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
40 return true;
41 }
42
43 @Override
44 public boolean commit() throws LoginException {
45 String authorizationName;
46 KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
47 if (kerberosPrincipal != null) {
48 LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
49 X500Principal principal = new X500Principal(userDn.toString());
50 authorizationName = principal.getName();
51 } else {
52 Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
53 if (username == null)
54 throw new LoginException("No username available");
55 String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
56 String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
57 X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
58 authorizationName = principal.getName();
59 }
60
61 RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
62 Locale locale = Locale.getDefault();
63 if (request != null)
64 locale = request.getLocale();
65 if (locale == null)
66 locale = Locale.getDefault();
67 Authorization authorization = new SingleUserAuthorization(authorizationName);
68 CmsAuthUtils.addAuthorization(subject, authorization);
69
70 // Add standard Java OS login
71 OsUserUtils.loginAsSystemUser(subject);
72
73 // additional principals (must be after Authorization registration)
74 // Set<Principal> principals = subject.getPrincipals();
75 // principals.add(principal);
76 // principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
77 // principals.add(new DataAdminPrincipal());
78
79 CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
80
81 return true;
82 }
83
84 @Override
85 public boolean abort() throws LoginException {
86 return true;
87 }
88
89 @Override
90 public boolean logout() throws LoginException {
91 CmsAuthUtils.cleanUp(subject);
92 return true;
93 }
94
95 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi