1 package org
.argeo
.cms
.auth
;
import java.util.Locale;
import java.util.Map;

import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.cms.directory.ldap.IpaUtils;
import org.argeo.cms.internal.runtime.CmsContextImpl;
import org.argeo.cms.osgi.useradmin.OsUserUtils;
import org.osgi.service.useradmin.Authorization;
20 /** Login module for when the system is owned by a single user. */
21 public class SingleUserLoginModule
implements LoginModule
{
22 // private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
/** Shared state of the login context; written by login() and read by commit(). */
private Map<String, Object> sharedState = null;
/** The subject being authenticated; populated by commit() and cleaned by logout(). */
private Subject subject;
/**
 * Keeps the subject and the shared state for the later phases of the login.
 * The callback handler and the options are not read by this module.
 *
 * @param subject         the subject that {@link #commit()} will populate
 * @param callbackHandler not used
 * @param sharedState     state shared with the other modules of the login
 *                        context; kept as a writable map so that
 *                        {@link #login()} can contribute the username
 * @param options         not used
 */
@SuppressWarnings("unchecked")
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
        Map<String, ?> options) {
    // JAAS passes the shared state as Map<String, ?>; this module writes to it, hence the cast
    Map<String, Object> writableState = (Map<String, Object>) sharedState;
    this.sharedState = writableState;
    this.subject = subject;
}
/**
 * Records the name of the OS user running the JVM ({@code user.name} system
 * property) in the shared state, unless an earlier module of the login context
 * already provided a username under the same key.
 * <p>
 * The system property is trusted here because this module is meant for a
 * system owned by a single user; note that system properties can be set at JVM
 * start ({@code -Duser.name=...}) or by any code running in the process.
 *
 * @return {@code true}; this module never rejects the login
 * @throws LoginException declared by {@link LoginModule}, not thrown here
 */
@Override
public boolean login() throws LoginException {
    String osUser = System.getProperty("user.name");
    // a name already present (even mapped to null) is left untouched
    boolean alreadyNamed = sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME);
    if (!alreadyNamed)
        sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, osUser);
    // NOTE(review): the return statement is not visible in this rendering of the file;
    // true (success) assumed from the LoginModule contract — confirm against the repository
    return true;
}
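/**
 * Builds the {@link Authorization} of the single user and registers it on the
 * subject and on the current session.
 * <p>
 * The authorization name is a DN: when a Kerberos principal is already present
 * on the subject it is the DN {@link IpaUtils} derives from that principal,
 * otherwise it is {@code uid=<username>} under a base DN built from the
 * configured hostname (each label becoming a {@code dc=} component). In both
 * cases the DN is normalized through {@link X500Principal#getName()} (RFC 2253
 * form).
 * <p>
 * The username in the shared state is not necessarily set by this module
 * ({@link #login()} only fills it when absent), so it is escaped as an RDN
 * value before being concatenated into the DN: a plain username is unchanged,
 * while DN metacharacters ({@code ,} {@code =} {@code +} ...) cannot alter the
 * structure of the resulting name.
 *
 * @return {@code true} once the authorization has been registered
 * @throws LoginException if no username is available in the shared state
 */
@Override
public boolean commit() throws LoginException {
    // NOTE(review): the else branch, the null check on the username, the two locale
    // guards and the final return are not visible in this rendering of the file and
    // are reconstructed from the surrounding statements — confirm against the repository.
    String authorizationName;
    KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
    if (kerberosPrincipal != null) {
        LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
        X500Principal principal = new X500Principal(userDn.toString());
        authorizationName = principal.getName();
    } else {
        Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
        if (username == null)
            throw new LoginException("No username available");
        String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
        // ".host.example.org" -> ",dc=host,dc=example,dc=org"
        String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
        // escape the value so that the username cannot inject additional RDNs
        String uidRdn = LdapAttr.uid + "=" + Rdn.escapeValue(username.toString());
        X500Principal principal = new X500Principal(uidRdn + baseDn);
        authorizationName = principal.getName();
    }

    RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
    // prefer the locale of the remote request when there is one, fall back to the JVM default
    Locale locale = Locale.getDefault();
    if (request != null)
        locale = request.getLocale();
    if (locale == null)
        locale = Locale.getDefault();
    Authorization authorization = new SingleUserAuthorization(authorizationName);
    CmsAuthUtils.addAuthorization(subject, authorization);

    // Add standard Java OS login
    OsUserUtils.loginAsSystemUser(subject);

    // additional principals, if any, must be added after the Authorization registration
    CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);

    return true;
}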
85 public boolean abort() throws LoginException
{
90 public boolean logout() throws LoginException
{
91 CmsAuthUtils
.cleanUp(subject
);