import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import javax.servlet.http.HttpServletRequest;
import org.argeo.cms.CmsException;
import org.argeo.naming.LdapAttrs;
public class IpaLoginModule implements LoginModule {
private BundleContext bc;
private Subject subject;
+ private Map<String, Object> sharedState = null;
+ private CallbackHandler callbackHandler;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
this.subject = subject;
+ this.sharedState = (Map<String, Object>) sharedState;
+ this.callbackHandler = callbackHandler;
try {
bc = FrameworkUtil.getBundle(IpaLoginModule.class).getBundleContext();
assert bc != null;
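Review bot: The cast `(Map<String, Object>) sharedState` in initialize() is unchecked and will raise a compiler warning, yet the only use of the field visible in this diff is a `get`, which works on `Map<String, ?>` without any cast. If nothing outside the diff writes to the map, declare the field as `private Map<String, ?> sharedState;` and assign `this.sharedState = sharedState;`. If writes are needed, keep the cast but add a narrowly scoped `@SuppressWarnings("unchecked")` with a comment saying why it is safe. The rest of initialize() lies outside the hunk.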
Authorization authorization = null;
Set<KerberosPrincipal> kerberosPrincipals = subject.getPrincipals(KerberosPrincipal.class);
if (kerberosPrincipals.isEmpty()) {
+ if(callbackHandler!=null)
+ throw new LoginException("Cannot be anonymous if callback handler is set");
authorization = userAdmin.getAuthorization(null);
} else {
KerberosPrincipal kerberosPrincipal = kerberosPrincipals.iterator().next();
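Review bot: The new guard `if(callbackHandler!=null)` is unbraced and does not say why a non-null callback handler rules out the anonymous fallback to `userAdmin.getAuthorization(null)`. Brace it and add a one-line comment such as `// a handler implies an explicit login attempt; never downgrade it silently to anonymous`, if that is the intent. The anonymous path now depends only on the handler being absent, so a caller that always supplies a handler can no longer obtain the anonymous authorization here; please confirm that is expected. The enclosing method starts and ends outside the hunk.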
if (authorization == null)
return false;
CmsAuthUtils.addAuthentication(subject, authorization);
+ HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+ if (request != null) {
+ CmsAuthUtils.registerSessionAuthorization(bc, request, subject, authorization);
+ }
return true;
}
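Review bot: The value read from `sharedState` is cast straight to `HttpServletRequest`, so any other object stored under `CmsAuthUtils.SHARED_STATE_HTTP_REQUEST` aborts the method with a ClassCastException instead of a LoginException. Reading it as `Object req = sharedState.get(...)` and guarding with `if (req instanceof HttpServletRequest)` avoids that. Separately, `registerSessionAuthorization` binds the authorization to the request's session and its body is not visible here; if it does not renew the session id, an id issued before authentication stays valid after login, which is the session-fixation condition. Please confirm it rotates the session, or call `request.changeSessionId()` first where the servlet API in use provides it. The beginning of the method is outside the hunk.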
@Override
public boolean logout() throws LoginException {
- // TODO Auto-generated method stub
- return false;
+ return CmsAuthUtils.logoutSession(bc, subject);
}
}
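Review bot: logout() now delegates entirely to `CmsAuthUtils.logoutSession(bc, subject)`, and nothing visible removes from the Subject what `CmsAuthUtils.addAuthentication(subject, authorization)` added earlier. Unless logoutSession performs that cleanup (its body is outside this diff), a Subject reused after logout would still carry the authorization's principals. It is also unclear what is returned for a login that had no HTTP request and therefore never registered a session. A Javadoc sentence on logout() stating what is removed and what the boolean means in that case would settle both questions.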