X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=10e091ead0a4953e2236f2ad4860c5d04ba277c2;hb=e75cf778a87f1b2ef7cfc57339ccbf9657282e92;hp=4d2cc33390183f406a8fd1a71b2552ae479936d5;hpb=3714331f776988facff3632d86ad3f6d6352220c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
index 4d2cc3339..10e091ead 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
@@ -1,29 +1,26 @@
 package org.argeo.cms.auth;
 
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.security.Principal;
+import java.util.Locale;
 import java.util.Map;
-import java.util.Set;
 
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.CredentialException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.x500.X500Principal;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.naming.LdapAttrs;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.DataAdminPrincipal;
-import org.argeo.osgi.useradmin.IpaUtils;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.cms.directory.ldap.IpaUtils;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.cms.osgi.useradmin.OsUserUtils;
+import org.osgi.service.useradmin.Authorization;
 
+/** Login module for when the system is owned by a single user. */
 public class SingleUserLoginModule implements LoginModule {
-	private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
+//	private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
 
 	private Subject subject;
 	private Map<String, Object> sharedState = null;
@@ -39,36 +36,53 @@ public class SingleUserLoginModule implements LoginModule {
 	@Override
 	public boolean login() throws LoginException {
 		String username = System.getProperty("user.name");
-		if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
-			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+		if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)
+				&& !username.equals(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME)))
+			throw new CredentialException(
+					"OS username already set with " + sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME));
+		if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME))
+			sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username);
 		return true;
 	}
 
 	@Override
 	public boolean commit() throws LoginException {
-		X500Principal principal;
+		String authorizationName;
 		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
 		if (kerberosPrincipal != null) {
 			LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
-			principal = new X500Principal(userDn.toString());
+			X500Principal principal = new X500Principal(userDn.toString());
+			authorizationName = principal.getName();
 		} else {
-			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
 			if (username == null)
 				throw new LoginException("No username available");
-			String hostname;
-			try {
-				hostname = InetAddress.getLocalHost().getHostName();
-			} catch (UnknownHostException e) {
-				log.warn("Using localhost as hostname", e);
-				hostname = "localhost";
-			}
+			String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
 			String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
-			principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+			X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + baseDn);
+			authorizationName = principal.getName();
 		}
-		Set<Principal> principals = subject.getPrincipals();
-		principals.add(principal);
-		principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
-		principals.add(new DataAdminPrincipal());
+
+		RemoteAuthRequest request = (RemoteAuthRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+		Locale locale = Locale.getDefault();
+		if (request != null)
+			locale = request.getLocale();
+		if (locale == null)
+			locale = Locale.getDefault();
+		Authorization authorization = new SingleUserAuthorization(authorizationName);
+		CmsAuthUtils.addAuthorization(subject, authorization);
+
+		// Add standard Java OS login
+		OsUserUtils.loginAsSystemUser(subject);
+
+		// additional principals (must be after Authorization registration)
+//		Set<Principal> principals = subject.getPrincipals();
+//		principals.add(principal);
+//		principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
+//		principals.add(new DataAdminPrincipal());
+
+		CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
+
 		return true;
 	}
 
@@ -79,7 +93,7 @@ public class SingleUserLoginModule implements LoginModule {
 
 	@Override
 	public boolean logout() throws LoginException {
-		// TODO Auto-generated method stub
+		CmsAuthUtils.cleanUp(subject);
 		return true;
 	}