X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=10e091ead0a4953e2236f2ad4860c5d04ba277c2;hb=e75cf778a87f1b2ef7cfc57339ccbf9657282e92;hp=240564f9ec894b809c956829e01fc653dc8d0942;hpb=043d226a5504a212eb5673c3ed4441c1167724d7;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java index 240564f9e..10e091ead 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java @@ -1,7 +1,5 @@ package org.argeo.cms.auth; -import java.net.InetAddress; -import java.net.UnknownHostException; import java.util.Locale; import java.util.Map; @@ -9,21 +7,20 @@ import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.login.CredentialException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.security.auth.x500.X500Principal; -import javax.servlet.http.HttpServletRequest; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.naming.LdapAttrs; -import org.argeo.osgi.useradmin.IpaUtils; -import org.argeo.osgi.useradmin.OsUserUtils; +import org.argeo.api.acr.ldap.LdapAttr; +import org.argeo.cms.directory.ldap.IpaUtils; +import org.argeo.cms.internal.runtime.CmsContextImpl; +import org.argeo.cms.osgi.useradmin.OsUserUtils; import org.osgi.service.useradmin.Authorization; /** Login module for when the system is owned by a single user. */ public class SingleUserLoginModule implements LoginModule { - private final static Log log = LogFactory.getLog(SingleUserLoginModule.class); +// private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class); private Subject subject; private Map sharedState = null; @@ -39,8 +36,12 @@ public class SingleUserLoginModule implements LoginModule { @Override public boolean login() throws LoginException { String username = System.getProperty("user.name"); - if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)) - sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username); + if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME) + && !username.equals(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME))) + throw new CredentialException( + "OS username already set with " + sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME)); + if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) + sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username); return true; } @@ -53,22 +54,16 @@ public class SingleUserLoginModule implements LoginModule { X500Principal principal = new X500Principal(userDn.toString()); authorizationName = principal.getName(); } else { - Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); + Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME); if (username == null) throw new LoginException("No username available"); - String hostname; - try { - hostname = InetAddress.getLocalHost().getHostName(); - } catch (UnknownHostException e) { - log.warn("Using localhost as hostname", e); - hostname = "localhost"; - } + String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname(); String baseDn = ("." + hostname).replaceAll("\\.", ",dc="); - X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn); + X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + baseDn); authorizationName = principal.getName(); } - HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST); + RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST); Locale locale = Locale.getDefault(); if (request != null) locale = request.getLocale(); @@ -76,8 +71,8 @@ public class SingleUserLoginModule implements LoginModule { locale = Locale.getDefault(); Authorization authorization = new SingleUserAuthorization(authorizationName); CmsAuthUtils.addAuthorization(subject, authorization); - - // Add standard Java OS login + + // Add standard Java OS login OsUserUtils.loginAsSystemUser(subject); // additional principals (must be after Authorization registration)