1 package org
.argeo
.cms
.auth
;
import java.util.Locale;
import java.util.Map;

import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.CredentialException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.cms.directory.ldap.IpaUtils;
import org.argeo.cms.internal.runtime.CmsContextImpl;
import org.argeo.cms.osgi.useradmin.OsUserUtils;
import org.osgi.service.useradmin.Authorization;
21 /** Login module for when the system is owned by a single user. */
22 public class SingleUserLoginModule
implements LoginModule
{
23 // private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
/** Subject being authenticated; set in {@code initialize}, read by the later phases. */
private Subject subject;
/**
 * JAAS shared state, cast to a mutable map in {@code initialize}: {@code login()} reads and
 * writes the OS user name through it, so the cast must allow {@code put}.
 */
private Map<String, Object> sharedState = null;
/**
 * Stores the subject and the shared state for the later phases.
 * <p>
 * The callback handler and the options are ignored: this module never prompts for credentials.
 *
 * @param subject         the subject being authenticated
 * @param callbackHandler unused
 * @param sharedState     state shared with the other login modules of the configuration
 * @param options         unused
 */
@SuppressWarnings("unchecked")
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
		Map<String, ?> options) {
	// login() writes the OS user name into the shared state, hence the widening cast to a
	// mutable map (JAAS passes the same map instance to every module of the configuration).
	Map<String, Object> writableState = (Map<String, Object>) sharedState;
	this.sharedState = writableState;
	this.subject = subject;
}
/**
 * Publishes the JVM's OS user name ({@code user.name} system property) in the shared state.
 * <p>
 * No credential is verified: the module is meant for a system owned by a single user, so the
 * identity the JVM runs under is taken as is.
 *
 * @return {@code true}
 * @throws CredentialException if an earlier module already set a different OS user name
 */
@Override
public boolean login() throws LoginException {
	String osUser = System.getProperty("user.name");
	boolean alreadyPublished = sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
	if (alreadyPublished) {
		Object previous = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
		// Two modules of the same login must not claim different OS identities.
		if (!osUser.equals(previous))
			throw new CredentialException("OS username already set with " + previous);
	} else {
		sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, osUser);
	}
	// NOTE(review): the closing lines of this method are missing from the listing this was
	// rebuilt from; a LoginModule.login() that takes part in the login returns true — confirm.
	return true;
}
/**
 * Builds the single user's authorization and registers it on the subject and the session.
 * <p>
 * The authorization name is an X.500 name derived either from the Kerberos principal already
 * present on the subject (mapped to a DN by {@link IpaUtils#kerberosToDn}) or, failing that,
 * from the OS user name published in the shared state by {@code login()} combined with the
 * CMS host name turned into a {@code dc=} suffix. No password or ticket is verified here.
 *
 * @return {@code true} once the authorization has been registered
 * @throws LoginException if neither a Kerberos principal nor an OS user name is available
 */
@Override
public boolean commit() throws LoginException {
	// NOTE(review): several structural lines (else branches, null checks, the final return) are
	// missing from the listing this was rebuilt from; the control flow below is the inferred
	// one — confirm against the original.
	KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
	String authorizationName = kerberosPrincipal != null ? kerberosAuthorizationName(kerberosPrincipal)
			: osUserAuthorizationName();

	RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
	// Prefer the remote request's locale; fall back to the JVM default when there is no request
	// or the request carries no locale.
	Locale locale = request != null ? request.getLocale() : null;
	if (locale == null)
		locale = Locale.getDefault();

	// Whether the identity came from Kerberos or from the OS user, the same placeholder
	// authorization is registered; a next step with user admin will properly populate it.
	Authorization authorization = new SingleUserAuthorization(authorizationName);
	CmsAuthUtils.addAuthorization(subject, authorization);

	// Add standard Java OS login
	OsUserUtils.loginAsSystemUser(subject);

	// additional principals, if any, must be added after the Authorization registration

	CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
	return true;
}

/**
 * Authorization name for a Kerberos principal, via its IPA user DN.
 *
 * @param kerberosPrincipal the Kerberos principal found on the subject
 * @return the RFC 2253 form of the user DN
 */
private static String kerberosAuthorizationName(KerberosPrincipal kerberosPrincipal) throws LoginException {
	LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
	return new X500Principal(userDn.toString()).getName();
}

/**
 * Authorization name {@code uid=<os user>,dc=<host>,dc=<domain>,…} built from the OS user name
 * published in the shared state and the CMS host name.
 *
 * @return the RFC 2253 form of the synthesised DN
 * @throws LoginException if no OS user name is available in the shared state
 */
private String osUserAuthorizationName() throws LoginException {
	Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
	if (username == null)
		throw new LoginException("No username available");
	String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
	// "host.example.org" -> ",dc=host,dc=example,dc=org"
	String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
	// Neither value is escaped for DN syntax; X500Principal rejects a malformed DN with an
	// (unchecked) IllegalArgumentException rather than a LoginException.
	return new X500Principal(LdapAttr.uid + "=" + username + baseDn).getName();
}
99 public boolean abort() throws LoginException
{
104 public boolean logout() throws LoginException
{
105 CmsAuthUtils
.cleanUp(subject
);