1 package org.argeo.cms.auth;
2
3 import java.util.Locale;
4 import java.util.Map;
5
6 import javax.naming.ldap.LdapName;
7 import javax.security.auth.Subject;
8 import javax.security.auth.callback.CallbackHandler;
9 import javax.security.auth.kerberos.KerberosPrincipal;
10 import javax.security.auth.login.CredentialException;
11 import javax.security.auth.login.LoginException;
12 import javax.security.auth.spi.LoginModule;
13 import javax.security.auth.x500.X500Principal;
14
15 import org.argeo.api.acr.ldap.LdapAttr;
16 import org.argeo.cms.directory.ldap.IpaUtils;
17 import org.argeo.cms.internal.runtime.CmsContextImpl;
18 import org.argeo.cms.osgi.useradmin.OsUserUtils;
19 import org.osgi.service.useradmin.Authorization;
20
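/**
 * Login module for when the system is owned by a single user.
 * <p>
 * No credential is verified: {@link #login()} succeeds unconditionally and binds the login to the OS
 * user the JVM runs as ({@code user.name} system property). The JAAS configuration should therefore
 * only enable this module where controlling the JVM process already means owning the whole system.
 * {@link #commit()} derives the authorization name either from a Kerberos principal already present in
 * the subject (IPA deployments) or from the OS username combined with the local hostname.
 */
public class SingleUserLoginModule implements LoginModule {
	private Subject subject;
	/** State shared with the other modules of the same login context (keys in {@link CmsAuthUtils}). */
	private Map<String, Object> sharedState = null;

	/**
	 * Keeps the subject and the shared state. The callback handler and the options are not used: this
	 * module never prompts for anything.
	 */
	@SuppressWarnings("unchecked")
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
		// JAAS hands out Map<String, ?>; the cast is needed to write into it in login()
		this.sharedState = (Map<String, Object>) sharedState;
	}

	/**
	 * Records the OS user name ({@code user.name} system property) in the shared state.
	 *
	 * @return always {@code true}; this module does not verify any credential
	 * @throws CredentialException if another module already stored a different OS username
	 * @throws LoginException      if the {@code user.name} system property is not set
	 */
	@Override
	public boolean login() throws LoginException {
		String username = System.getProperty("user.name");
		// previously a missing property surfaced as a NullPointerException in equals()
		if (username == null)
			throw new LoginException("System property user.name is not set");
		if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {
			Object previous = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
			if (!username.equals(previous))
				throw new CredentialException("OS username already set with " + previous);
		} else {
			sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username);
		}
		return true;
	}

	/**
	 * Registers the single user's authorization on the subject.
	 * <p>
	 * The authorization name is the RFC 2253 form of an X.500 name built either from the Kerberos
	 * principal found in the subject (mapped to a DN via {@link IpaUtils#kerberosToDn}) or, failing
	 * that, from {@code uid=<os username>} under a base DN derived from the local hostname (each label
	 * of {@code host.example.org} becomes a {@code dc=} component).
	 *
	 * @return always {@code true}
	 * @throws LoginException if no Kerberos principal is present and no OS username was recorded in
	 *                        the shared state
	 */
	@Override
	public boolean commit() throws LoginException {
		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
		String authorizationName = kerberosPrincipal != null ? kerberosAuthorizationName(kerberosPrincipal)
				: osUserAuthorizationName();

		RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
		// fall back to the JVM default when there is no request or the request carries no locale
		Locale locale = request != null ? request.getLocale() : null;
		if (locale == null)
			locale = Locale.getDefault();

		// the same authorization is registered whichever way the name was derived;
		// in the OS-user case a later user admin step is expected to refine it
		Authorization authorization = new SingleUserAuthorization(authorizationName);
		CmsAuthUtils.addAuthorization(subject, authorization);

		// Add standard Java OS login
		OsUserUtils.loginAsSystemUser(subject);

		// must be after Authorization registration
		CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
		return true;
	}

	/** RFC 2253 name of the DN that IPA associates with this Kerberos principal. */
	private static String kerberosAuthorizationName(KerberosPrincipal kerberosPrincipal) {
		LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
		return new X500Principal(userDn.toString()).getName();
	}

	/**
	 * RFC 2253 name of {@code uid=<os username>,dc=...} built from the OS username recorded in the
	 * shared state and the local hostname.
	 *
	 * @throws LoginException if no OS username was recorded
	 */
	private String osUserAuthorizationName() throws LoginException {
		Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
		if (username == null)
			throw new LoginException("No username available");
		String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
		// ".host.example.org" -> ",dc=host,dc=example,dc=org" (literal replace, no regex needed)
		String baseDn = ("." + hostname).replace(".", ",dc=");
		return new X500Principal(LdapAttr.uid + "=" + username + baseDn).getName();
	}

	/**
	 * Nothing is undone: the OS username that {@link #login()} stored in the shared state is left
	 * there.
	 */
	@Override
	public boolean abort() throws LoginException {
		return true;
	}

	/** Delegates subject cleanup to {@link CmsAuthUtils#cleanUp(Subject)}. */
	@Override
	public boolean logout() throws LoginException {
		CmsAuthUtils.cleanUp(subject);
		return true;
	}

}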