1 package org
.argeo
.cms
.auth
;
3 import java
.net
.InetAddress
;
4 import java
.net
.UnknownHostException
;
5 import java
.util
.Locale
;
8 import javax
.naming
.ldap
.LdapName
;
9 import javax
.security
.auth
.Subject
;
10 import javax
.security
.auth
.callback
.CallbackHandler
;
11 import javax
.security
.auth
.kerberos
.KerberosPrincipal
;
12 import javax
.security
.auth
.login
.LoginException
;
13 import javax
.security
.auth
.spi
.LoginModule
;
14 import javax
.security
.auth
.x500
.X500Principal
;
16 import org
.argeo
.api
.cms
.CmsLog
;
17 import org
.argeo
.osgi
.useradmin
.OsUserUtils
;
18 import org
.argeo
.util
.directory
.ldap
.IpaUtils
;
19 import org
.argeo
.util
.naming
.LdapAttrs
;
20 import org
.osgi
.service
.useradmin
.Authorization
;
22 /** Login module for when the system is owned by a single user. */
23 public class SingleUserLoginModule
implements LoginModule
{
/** Logger for this login module. */
private static final CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);

/** The {@link Subject} handed over by the JAAS framework in {@link #initialize}. */
private Subject subject;

/**
 * JAAS shared state received in {@link #initialize}; {@link #login()} writes the
 * user name into it and {@link #commit()} reads the user name and the HTTP request
 * back from it.
 */
private Map<String, Object> sharedState;
/**
 * Stores the subject and the shared state for use by the later login phases.
 * <p>
 * The callback handler and the options are not used by this module: the user
 * name is taken from the system rather than asked for interactively.
 *
 * @param subject         the subject populated by {@link #commit()}
 * @param callbackHandler unused
 * @param sharedState     state shared with the other modules of the login configuration
 * @param options         unused
 */
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
		Map<String, ?> options) {
	this.subject = subject;
	// The JAAS signature declares a wildcard map, but login() has to write the user
	// name into it, hence the unchecked narrowing to Map<String, Object>.
	this.sharedState = (Map<String, Object>) sharedState;
}
/**
 * Identifies the user as the OS account the JVM runs under.
 * <p>
 * The name is read from the {@code user.name} system property and stored in the
 * shared state under {@code CmsAuthUtils.SHARED_STATE_NAME}, unless an earlier
 * module of the configuration already provided one. Being a system property, the
 * name is only as trustworthy as the environment that launched the JVM.
 * <p>
 * NOTE(review): the return statement and the closing brace of this method are not
 * present in this extraction (the original file's lines 42 to 45 are missing).
 */
38 public boolean login() throws LoginException
{
// Trust anchor of this module: the account the JVM process runs under.
39 String username
= System
.getProperty("user.name");
// Do not overwrite a name that an earlier login module may already have contributed.
40 if (!sharedState
.containsKey(CmsAuthUtils
.SHARED_STATE_NAME
))
41 sharedState
.put(CmsAuthUtils
.SHARED_STATE_NAME
, username
);
/**
 * Builds the single user's authorization and registers it on the subject.
 * <p>
 * The authorization name is an X.500 name obtained in one of two ways: from a
 * {@link KerberosPrincipal} already present on the subject (converted to a DN via
 * {@code IpaUtils.kerberosToDn}), or otherwise from the user name stored in the
 * shared state by {@link #login()} combined with a {@code dc=} suffix derived from
 * the local host name. A {@code SingleUserAuthorization} carrying that name is then
 * added to the subject, the OS system user login is performed, and the authorization
 * is registered for the session of the HTTP request found in the shared state.
 * <p>
 * NOTE(review): several lines of the original are missing from this extraction
 * (the condition guarding the {@code LoginException}, the {@code try} around the
 * host name lookup and its closing brace, the request and locale null checks, and
 * the return statement), so the control flow below is only partially visible.
 */
46 public boolean commit() throws LoginException
{
47 String authorizationName
;
// Preferred identity: a Kerberos principal already present on the subject
// (presumably placed there by an earlier module of the configuration).
48 KerberosPrincipal kerberosPrincipal
= CmsAuthUtils
.getSinglePrincipal(subject
, KerberosPrincipal
.class);
49 if (kerberosPrincipal
!= null) {
// Map the Kerberos name to an LDAP DN; that DN becomes the authorization name.
50 LdapName userDn
= IpaUtils
.kerberosToDn(kerberosPrincipal
.getName());
51 X500Principal principal
= new X500Principal(userDn
.toString());
52 authorizationName
= principal
.getName();
// Fallback identity: the OS user name published in the shared state by login().
// NOTE(review): the condition between this lookup and the throw below (original
// line 55) is not visible here; presumably a null check on username.
54 Object username
= sharedState
.get(CmsAuthUtils
.SHARED_STATE_NAME
);
56 throw new LoginException("No username available");
// The host name seeds the DN suffix; a failed lookup degrades to "localhost" with a warning.
// NOTE(review): the declaration of hostname and the opening of the try block (original
// lines 57-58) as well as the closing brace of the catch (line 63) are missing here.
59 hostname
= InetAddress
.getLocalHost().getHostName();
60 } catch (UnknownHostException e
) {
61 log
.warn("Using localhost as hostname", e
);
62 hostname
= "localhost";
// "host.example.org" becomes ",dc=host,dc=example,dc=org" (constructed example).
// Neither the host name nor the user name is escaped for RFC 2253 here: a value containing
// DN-special characters (',', '=', '+', '"', '\', '<', '>', ';') makes the X500Principal
// constructor throw IllegalArgumentException, which is not a LoginException.
64 String baseDn
= ("." + hostname
).replaceAll("\\.", ",dc=");
65 X500Principal principal
= new X500Principal(LdapAttrs
.uid
+ "=" + username
+ baseDn
);
// getName() returns the RFC 2253 form of the DN, as in the Kerberos branch above.
66 authorizationName
= principal
.getName();
// The HTTP request, if any, is looked up from the shared state.
// NOTE(review): the null checks around the request and the locale (original lines
// 71 and 73) are missing here; outside an HTTP context request may be null.
69 RemoteAuthRequest request
= (RemoteAuthRequest
) sharedState
.get(CmsAuthUtils
.SHARED_STATE_HTTP_REQUEST
);
70 Locale locale
= Locale
.getDefault();
72 locale
= request
.getLocale();
74 locale
= Locale
.getDefault();
// The single user is granted a SingleUserAuthorization named after the DN computed above.
75 Authorization authorization
= new SingleUserAuthorization(authorizationName
);
76 CmsAuthUtils
.addAuthorization(subject
, authorization
);
78 // Add standard Java OS login
79 OsUserUtils
.loginAsSystemUser(subject
);
81 // additional principals (must be after Authorization registration)
82 // Set<Principal> principals = subject.getPrincipals();
83 // principals.add(principal);
84 // principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
85 // principals.add(new DataAdminPrincipal());
// Bind the authorization to the session of the request with the chosen locale;
// presumably tolerates a null request — verify in CmsAuthUtils.
// NOTE(review): the return statement and closing brace (original lines 88-92) are not visible here.
87 CmsAuthUtils
.registerSessionAuthorization(request
, subject
, authorization
, locale
);
/**
 * Abort phase of the JAAS login.
 * <p>
 * NOTE(review): the body of this method (original lines 94 to 97) is not present in
 * this extraction, so its behaviour cannot be documented from here.
 */
93 public boolean abort() throws LoginException
{
98 public boolean logout() throws LoginException
{
99 CmsAuthUtils
.cleanUp(subject
);