- String username = System.getProperty("user.name");
- X500Principal principal = new X500Principal("uid=" + username + ",dc=localhost,dc=localdomain");
- Set<Principal> principals = subject.getPrincipals();
- principals.add(principal);
- principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
- principals.add(new DataAdminPrincipal());
+ String authorizationName;
+ KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
+ if (kerberosPrincipal != null) {
+ LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
+ X500Principal principal = new X500Principal(userDn.toString());
+ authorizationName = principal.getName();
+ } else {
+ Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ if (username == null)
+ throw new LoginException("No username available");
+ String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
+ String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
+ X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + baseDn);
+ authorizationName = principal.getName();
+ }
+
+ RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+ Locale locale = Locale.getDefault();
+ if (request != null)
+ locale = request.getLocale();
+ if (locale == null)
+ locale = Locale.getDefault();
+ Authorization authorization = new SingleUserAuthorization(authorizationName);
+ CmsAuthUtils.addAuthorization(subject, authorization);
+
+ // Add standard Java OS login
+ OsUserUtils.loginAsSystemUser(subject);
+
+ // additional principals (must be after Authorization registration)
+// Set<Principal> principals = subject.getPrincipals();
+// principals.add(principal);
+// principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
+// principals.add(new DataAdminPrincipal());
+
+ CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
+