import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.CmsState;
+import org.argeo.api.cms.directory.UserDirectory;
+import org.argeo.api.cms.transaction.WorkControl;
+import org.argeo.api.cms.transaction.WorkTransaction;
import org.argeo.cms.CmsDeployProperty;
-import org.argeo.osgi.useradmin.AggregatingUserAdmin;
-import org.argeo.osgi.useradmin.DirectoryUserAdmin;
-import org.argeo.osgi.useradmin.UserDirectory;
-import org.argeo.util.directory.DirectoryConf;
-import org.argeo.util.naming.dns.DnsBrowser;
-import org.argeo.util.transaction.WorkControl;
-import org.argeo.util.transaction.WorkTransaction;
+import org.argeo.cms.dns.DnsBrowser;
+import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
+import org.argeo.cms.osgi.useradmin.DirectoryUserAdmin;
+import org.argeo.cms.runtime.DirectoryConf;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
// GSS API
- private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
+ private Path nodeKeyTab = null;
private GSSCredential acceptorCredentials;
private boolean singleUser = false;
private CmsState cmsState;
public CmsUserAdmin() {
- super(CmsConstants.ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
+ super(CmsConstants.SYSTEM_ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
}
public void start() {
// node roles
String nodeRolesUri = null;// getFrameworkProp(CmsConstants.ROLES_URI);
- String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = CmsConstants.SYSTEM_ROLES_BASEDN;
if (nodeRolesUri == null && nodeBase != null) {
nodeRolesUri = baseNodeRoleDn + ".ldif";
Path nodeRolesFile = nodeBase.resolve(nodeRolesUri);
Optional<String> realm = userDirectory.getRealm();
if (realm.isPresent()) {
loadIpaJaasConfiguration();
- if (Files.exists(nodeKeyTab)) {
+ if (nodeKeyTab != null && Files.exists(nodeKeyTab)) {
String servicePrincipal = getKerberosServicePrincipal(realm.get());
if (servicePrincipal != null) {
CallbackHandler callbackHandler = new CallbackHandler() {
private void loadIpaJaasConfiguration() {
if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
+ if (System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB) == null) {
+ System.setProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB,
+ KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH).toString());
+ }
+ Path kt = Paths.get(System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB));
+ if (nodeKeyTab != null) {
+ if (!nodeKeyTab.equals(kt))
+ throw new IllegalStateException("A node keytab is already set");
+ } else {
+ nodeKeyTab = kt;
+ }
String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
URL url = getClass().getClassLoader().getResource(jaasConfig);
KernelUtils.setJaasConfiguration(url);
}
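Review bot: The keytab is now only resolved inside the `if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null)` branch, so when an external JAAS configuration is supplied `nodeKeyTab` stays `null` and the `nodeKeyTab != null && Files.exists(nodeKeyTab)` guards in `start()` and `getKerberosServicePrincipal()` skip the service-principal setup that the previous default-path field initializer still reached. If that is intended, a comment such as `// keytab is only consulted when the IPA JAAS configuration is ours; an external login config must supply its own acceptor credentials` would make it explicit; otherwise the `PROP_ARGEO_NODE_KRB5_KEYTAB` resolution (the default-setting block through `nodeKeyTab = kt;`) should move above the `if` so the keytab path is established regardless of which JAAS config is active. It may also be worth hedging the `IllegalStateException("A node keytab is already set")`: if this method can run more than once with an unchanged property it is harmless, but a property changed between calls would abort startup rather than log the discrepancy, so a `log.warn` naming both paths may be the more useful behaviour here. Note that `nodeKeyTab` is read from `start()` and `getKerberosServicePrincipal()` but assigned only here, so its initialization order is now an implicit contract between these methods.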
protected String getKerberosServicePrincipal(String realm) {
- if (!Files.exists(nodeKeyTab))
+ if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
return null;
List<String> dns = CmsStateImpl.getDeployProperties(cmsState, CmsDeployProperty.DNS);
String hostname = CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.HOST);