package org.argeo.cms.auth;
-import static org.argeo.util.naming.LdapAttrs.cn;
+import static org.argeo.api.acr.ldap.LdapAttrs.cn;
import java.io.IOException;
import java.security.PrivilegedAction;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import org.argeo.api.acr.ldap.LdapAttrs;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
+import org.argeo.cms.directory.ldap.IpaUtils;
import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
-import org.argeo.osgi.useradmin.TokenUtils;
-import org.argeo.util.directory.ldap.IpaUtils;
-import org.argeo.util.naming.LdapAttrs;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.FrameworkUtil;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.TokenUtils;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.User;
LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() });
// private state
- private BundleContext bc;
+// private BundleContext bc;
private User authenticatedUser = null;
private Locale locale;
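Review bot: The `BundleContext` field is commented out rather than removed, leaving dead code that a later reader has to decide about; the same applies to the commented-out `bc = FrameworkUtil...` assignment in the `initialize` hunk below. If the field is no longer needed since the `FrameworkUtil` import is also dropped, delete both lines outright; if the intent is to restore it later, a one-line `// TODO` stating why it was disabled and what replaces it would carry more information than the commented-out statement. The enclosing class body continues outside this hunk.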
Map<String, ?> options) {
this.subject = subject;
try {
- bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext();
+// bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext();
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>) sharedState;
} catch (Exception e) {
return true;// expect Kerberos
if (password != null) {
+ // TODO disabling bind for the time being,
+ // as it requires authorisations to be set at LDAP level
+ boolean tryBind = false;
// try bind first
- try {
- AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
- bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
- // TODO check tokens as well
- if (bindAuthorization != null) {
- authenticatedUser = user;
- return true;
+ if (tryBind)
+ try {
+ AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
+ bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
+ // TODO check tokens as well
+ if (bindAuthorization != null) {
+ authenticatedUser = user;
+ return true;
+ }
+ } catch (Exception e) {
+ // silent
+ if (log.isTraceEnabled())
+ log.trace("Bind failed", e);
}
- } catch (Exception e) {
- // silent
- if (log.isTraceEnabled())
- log.trace("Bind failed", e);
- }
// works only if a connection password is provided
if (!user.hasCredential(null, password)) {
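Review bot: With `boolean tryBind = false;` hard-coded, the whole `if (tryBind) try { ... }` block is dead code that the compiler will not flag, and the bind branch that verifies the password against the directory is never exercised; authentication now rests entirely on `user.hasCredential(null, password)`, which the existing comment says works only when a connection password is provided. If bind is meant to be switchable, make that explicit and discoverable rather than a local literal, e.g. `private static final boolean TRY_BIND = false; // bind disabled: requires LDAP-level authorisations` (or read it from the `options` map, under a documented option name chosen by the project), and brace the `if` so the block structure is unambiguous. Since a bind failure is still only logged at trace level inside the retained catch, consider whether a disabled-bind configuration should at least be logged once at startup so operators can tell which verification path is active. The surrounding `login` method starts before this hunk and may continue past it.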