Rename CmsSession into CmsView, and make it exclusively related to the Display (and...
index f598515217d6dbce821fd4bba5e4181cfdce699b..5fca43be38e2abc31afd0bf282acad4541448ca0 100644 (file)
@@ -1,8 +1,5 @@
 package org.argeo.cms.internal.auth;
 
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.Charset;
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.Collections;
@@ -22,8 +19,6 @@ import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.x500.X500Principal;
 
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
@@ -40,18 +35,19 @@ public class UserAdminLoginModule implements LoginModule {
        private CallbackHandler callbackHandler;
        private boolean isAnonymous = false;
 
-       private final static LdapName ROLE_ADMIN_NAME, ROLE_USER_NAME,
-                       ROLE_ANONYMOUS_NAME;
+       private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
+                       ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
        private final static List<LdapName> RESERVED_ROLES;
        private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
        static {
                try {
+                       ROLE_KERNEL_NAME = new LdapName(KernelHeader.ROLE_KERNEL);
                        ROLE_ADMIN_NAME = new LdapName(KernelHeader.ROLE_ADMIN);
                        ROLE_USER_NAME = new LdapName(KernelHeader.ROLE_USER);
                        ROLE_ANONYMOUS_NAME = new LdapName(KernelHeader.ROLE_ANONYMOUS);
                        RESERVED_ROLES = Collections.unmodifiableList(Arrays
-                                       .asList(new LdapName[] { ROLE_ANONYMOUS_NAME,
-                                                       ROLE_USER_NAME, ROLE_ADMIN_NAME,
+                                       .asList(new LdapName[] { ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
+                                                       ROLE_ANONYMOUS_NAME, ROLE_USER_NAME,
                                                        new LdapName(KernelHeader.ROLE_GROUP_ADMIN),
                                                        new LdapName(KernelHeader.ROLE_USER_ADMIN) }));
                        ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(
@@ -112,15 +108,10 @@ public class UserAdminLoginModule implements LoginModule {
                        else
                                throw new CredentialNotFoundException("No credentials provided");
 
-                       // user = (User) userAdmin.getRole(username);
                        user = userAdmin.getUser(null, username);
                        if (user == null)
                                return false;
-
-                       byte[] hashedPassword = ("{SHA}" + Base64
-                                       .encodeBase64String(DigestUtils.sha1(toBytes(password))))
-                                       .getBytes();
-                       if (!user.hasCredential("userpassword", hashedPassword))
+                       if (!user.hasCredential(null, password))
                                return false;
                } else
                        // anonymous
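Review bot: The cleartext password is no longer wiped after the check: the removed `toBytes` zeroed the caller's `char[]` (it filled `CharBuffer.wrap(chars).array()`, i.e. the original array), whereas the new `user.hasCredential(null, password)` hands the array to the UserAdmin implementation and leaves it intact in memory for the lifetime of the login module. Unless the callee is known to clear it, wrap the comparison so the array is scrubbed on every path, e.g. `try { if (!user.hasCredential(null, password)) return false; } finally { Arrays.fill(password, '\u0000'); }`, and state in a comment that the hashing/comparison is delegated to the backend. Passing `null` as the credential key also departs from the OSGi `User.hasCredential(String key, Object value)` contract, where the key names the credential; presumably the Argeo backend treats a null key as "match the default password credential", but with a different UserAdmin implementation this would silently never match, so a comment such as `// null key: backend selects the password credential and applies its own hashing` would help the next maintainer. The enclosing login() method starts before this hunk and the `password` callback value is obtained there.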
@@ -129,16 +120,6 @@ public class UserAdminLoginModule implements LoginModule {
                return true;
        }
 
-       private byte[] toBytes(char[] chars) {
-               CharBuffer charBuffer = CharBuffer.wrap(chars);
-               ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
-               byte[] bytes = Arrays.copyOfRange(byteBuffer.array(),
-                               byteBuffer.position(), byteBuffer.limit());
-               Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
-               Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
-               return bytes;
-       }
-
        @Override
        public boolean commit() throws LoginException {
                if (authorization != null) {
@@ -218,7 +199,8 @@ public class UserAdminLoginModule implements LoginModule {
 
        private void checkImpliedPrincipalName(LdapName roleName) {
                if (ROLE_USER_NAME.equals(roleName)
-                               || ROLE_ANONYMOUS_NAME.equals(roleName))
+                               || ROLE_ANONYMOUS_NAME.equals(roleName)
+                               || ROLE_KERNEL_NAME.equals(roleName))
                        throw new CmsException(roleName + " cannot be listed as role");
        }
 }
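Review bot: checkImpliedPrincipalName gives no hint why exactly these three roles are rejected while the other entries of RESERVED_ROLES (admin, group admin, user admin) are accepted, and the new ROLE_KERNEL_NAME branch makes that asymmetry more visible. Presumably these roles are granted implicitly by the framework (anonymous/user by login state, kernel by the runtime) rather than assigned through the directory, but that is not stated anywhere in the hunk; a Javadoc line such as `/** Rejects roles that are implied by the login state or reserved for the kernel and must never be stored as explicit memberships. */` would document the intent, hedged to whatever the actual rule is. The thrown message `roleName + " cannot be listed as role"` is fine as is.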