1 package org.argeo.cms.auth;
2
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Map;

import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.argeo.api.cms.CmsLog;
import org.argeo.osgi.useradmin.OsUserUtils;
import org.argeo.util.directory.ldap.IpaUtils;
import org.argeo.util.naming.LdapAttrs;
import org.osgi.service.useradmin.Authorization;
21
22 /** Login module for when the system is owned by a single user. */
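/**
 * Login module for when the system is owned by a single user.
 * <p>
 * {@link #login()} never fails: it offers the OS user name ({@code user.name}
 * system property) to the shared state unless an earlier module in the stack
 * already supplied one. {@link #commit()} derives an X.500 name for that user,
 * either from a {@link KerberosPrincipal} already present on the subject or
 * from the shared-state user name and the local host name, and registers the
 * resulting {@link SingleUserAuthorization} on the subject and the session.
 */
public class SingleUserLoginModule implements LoginModule {
	private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);

	private Subject subject;
	private Map<String, Object> sharedState = null;

	@SuppressWarnings("unchecked")
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
		// login() writes into the shared state, so the read-only view is widened here
		this.sharedState = (Map<String, Object>) sharedState;
	}

	/**
	 * Always succeeds. Publishes the OS user name under
	 * {@link CmsAuthUtils#SHARED_STATE_NAME} unless a previous login module already
	 * set a user name there, in which case that earlier value is kept.
	 */
	@Override
	public boolean login() throws LoginException {
		String osUsername = System.getProperty("user.name");
		if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, osUsername);
		return true;
	}

	/**
	 * Computes the authorization name, registers a {@link SingleUserAuthorization}
	 * and the OS system user on the subject, then registers the session
	 * authorization with the locale of the HTTP request (or the JVM default).
	 *
	 * @throws LoginException if no user name is available in the shared state and
	 *                        no Kerberos principal is present on the subject
	 */
	@Override
	public boolean commit() throws LoginException {
		String authorizationName;
		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
		if (kerberosPrincipal != null) {
			// a Kerberos identity already established on the subject takes precedence
			LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
			authorizationName = new X500Principal(userDn.toString()).getName();
		} else {
			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
			if (username == null)
				throw new LoginException("No username available");
			String dn = localUserDn(String.valueOf(username), localHostname());
			authorizationName = new X500Principal(dn).getName();
		}

		RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
		// prefer the request locale when there is a request and it carries one
		Locale locale = request != null ? request.getLocale() : null;
		if (locale == null)
			locale = Locale.getDefault();
		Authorization authorization = new SingleUserAuthorization(authorizationName);
		CmsAuthUtils.addAuthorization(subject, authorization);

		// Add standard Java OS login
		OsUserUtils.loginAsSystemUser(subject);

		CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);

		return true;
	}

	/** Local host name used as the base of the synthetic user DN; "localhost" if it cannot be resolved. */
	private static String localHostname() {
		try {
			return InetAddress.getLocalHost().getHostName();
		} catch (UnknownHostException e) {
			log.warn("Using localhost as hostname", e);
			return "localhost";
		}
	}

	/**
	 * Builds {@code uid=<username>,dc=<label>,dc=<label>,...} from a user name and
	 * a dotted host name (one {@code dc} RDN per label, empty labels included, as
	 * the previous string replacement produced). Every value is RFC 4514-escaped
	 * with {@link Rdn#escapeValue(Object)}: the user name is not necessarily the
	 * OS user, it may have been placed in the shared state by an earlier login
	 * module, and unescaped ',' or '=' characters would otherwise let it inject
	 * additional RDNs into the DN that becomes the authorization name.
	 */
	private static String localUserDn(String username, String hostname) {
		StringBuilder dn = new StringBuilder();
		dn.append(LdapAttrs.uid).append('=').append(Rdn.escapeValue(username));
		for (String label : hostname.split("\\.", -1))
			dn.append(",dc=").append(Rdn.escapeValue(label));
		return dn.toString();
	}

	/**
	 * Nothing is rolled back here.
	 * <p>
	 * NOTE(review): abort() is also invoked when a later module's commit() fails
	 * after this one has already registered its authorization; that registration
	 * is left in place. Mirroring {@link #logout()} with
	 * {@code CmsAuthUtils.cleanUp(subject)} may be appropriate — confirm against
	 * the JAAS stack configuration before changing.
	 */
	@Override
	public boolean abort() throws LoginException {
		return true;
	}

	/** Delegates cleanup of the subject to {@link CmsAuthUtils#cleanUp(Subject)}. */
	@Override
	public boolean logout() throws LoginException {
		CmsAuthUtils.cleanUp(subject);
		return true;
	}

}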