+ UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin();
+ final String username;
+ final char[] password;
+ Object certificateChain = null;
+ boolean preauth = false;
+ if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
+ // NB: required by Basic http auth
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
+ // // TODO locale?
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_SPNEGO_TOKEN)) {
+ // SPNEGO login has succeeded, that's enough for us at this stage
+ return true;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN)) {
+ String certDn = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ username = certDn;
+ certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
+ password = null;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_ADDR)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_PORT)) {// ident
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ password = null;
+ preauth = true;
+ } else {
+
+ // ask for username and password
+ NameCallback nameCallback = new NameCallback("User");
+ PasswordCallback passwordCallback = new PasswordCallback("Password", false);
+ LanguageCallback langCallback = new LanguageCallback();
+ try {
+ callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback });
+ } catch (IOException e) {
+ throw new LoginException("Cannot handle callback: " + e.getMessage());
+ } catch (UnsupportedCallbackException e) {
+ return false;
+ }
+
+ // i18n
+ locale = langCallback.getLocale();
+ if (locale == null)
+ locale = Locale.getDefault();
+ // FIXME add it to Subject
+ // Locale.setDefault(locale);
+
+ username = nameCallback.getName();
+ if (username == null || username.trim().equals("")) {
+ // authorization = userAdmin.getAuthorization(null);
+ throw new CredentialNotFoundException("No credentials provided");
+ }
+ if (passwordCallback.getPassword() != null)
+ password = passwordCallback.getPassword();
+ else
+ throw new CredentialNotFoundException("No credentials provided");
+ sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+ sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
+ }
+ User user = searchForUser(userAdmin, username);
+
+ // Tokens
+ if (user == null) {
+ String token = username;
+ Group tokenGroup = searchForToken(userAdmin, token);
+ if (tokenGroup != null) {
+ Authorization tokenAuthorization = getAuthorizationFromToken(userAdmin, tokenGroup);
+ if (tokenAuthorization != null) {
+ bindAuthorization = tokenAuthorization;
+ authenticatedUser = (User) userAdmin.getRole(bindAuthorization.getName());
+ return true;
+ }
+ }
+ }
+
+ if (user == null)
+ return true;// expect Kerberos
+
+ if (password != null) {
+ // TODO disabling bind for the time being,
+ // as it requires authorisations to be set at LDAP level
+ boolean tryBind = false;
+ // try bind first
+ if (tryBind)