X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSpnegoLoginModule.java;h=2dbad96d28d592bcb007d7e186ea6223c054f62c;hb=f4da6777015da3fc392138f0c01cea2f2add9ed3;hp=ef2872e38c52fa452318d50dd4fc8f010c525bcd;hpb=cf53e939cabed54ee2a3074afcf22417fbdf364d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
index ef2872e38..2dbad96d2 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SpnegoLoginModule.java
@@ -8,17 +8,17 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.api.cms.CmsLog;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
+/** SPNEGO login */
 public class SpnegoLoginModule implements LoginModule {
- private final static Log log = LogFactory.getLog(SpnegoLoginModule.class);
+ private final static CmsLog log = CmsLog.getLog(SpnegoLoginModule.class);
 private Subject subject;
 private Map sharedState = null;
@@ -41,22 +41,20 @@ public class SpnegoLoginModule implements LoginModule {
 gssContext = checkToken(spnegoToken);
 if (gssContext == null)
 return false;
- try {
- String clientName = gssContext.getSrcName().toString();
- String role = clientName.substring(clientName.indexOf('@') + 1);
-
- log.debug("SpnegoUserRealm: established a security context");
- log.debug("Client Principal is: " + gssContext.getSrcName());
- log.debug("Server Principal is: " + gssContext.getTargName());
- log.debug("Client Default Role: " + role);
- } catch (GSSException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- // TODO log in
-
- return false;
+ else
+ return true;
+ // try {
+ // String clientName = gssContext.getSrcName().toString();
+ // String role = clientName.substring(clientName.indexOf('@') + 1);
+ //
+ // log.debug("SpnegoUserRealm: established a security context");
+ // log.debug("Client Principal is: " + gssContext.getSrcName());
+ // log.debug("Server Principal is: " + gssContext.getTargName());
+ // log.debug("Client Default Role: " + role);
+ // } catch (GSSException e) {
+ // // TODO Auto-generated catch block
+ // e.printStackTrace();
+ // }
 }
 @Override
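Review bot: login() now reports success for any non-null context returned by checkToken(), so the result is only as strong as that method, whose body lies mostly outside this diff. SPNEGO negotiation can need more than one round trip, and a context that is not yet established has no verified peer; unless checkToken() already guarantees it, the return should be `return gssContext != null && gssContext.isEstablished();`. The commented-out block that replaces the old debug logging is dead code and can be deleted, since the history keeps it. login() itself starts above the hunk.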
@@ -67,35 +65,53 @@ public class SpnegoLoginModule implements LoginModule {
 try {
 Class gssUtilsClass = Class.forName("com.sun.security.jgss.GSSUtil");
 Method createSubjectMethod = gssUtilsClass.getMethod("createSubject", GSSName.class, GSSCredential.class);
- Subject gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
- gssContext.getDelegCred());
+ Subject gssSubject;
+ if (gssContext.getCredDelegState())
+ gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(),
+ gssContext.getDelegCred());
+ else
+ gssSubject = (Subject) createSubjectMethod.invoke(null, gssContext.getSrcName(), null);
 subject.getPrincipals().addAll(gssSubject.getPrincipals());
 subject.getPrivateCredentials().addAll(gssSubject.getPrivateCredentials());
 return true;
 } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- return false;
+ throw new LoginException("Cannot commit SPNEGO " + e);
 }
 }
 @Override
 public boolean abort() throws LoginException {
- // TODO Auto-generated method stub
- return false;
+ if (gssContext != null) {
+ try {
+ gssContext.dispose();
+ } catch (GSSException e) {
+ if (log.isTraceEnabled())
+ log.warn("Could not abort", e);
+ }
+ gssContext = null;
+ }
+ return true;
 }
 @Override
 public boolean logout() throws LoginException {
- // TODO Auto-generated method stub
- return false;
+ if (gssContext != null) {
+ try {
+ gssContext.dispose();
+ } catch (GSSException e) {
+ if (log.isTraceEnabled())
+ log.warn("Could not abort", e);
+ }
+ gssContext = null;
+ }
+ return true;
 }
 private GSSContext checkToken(byte[] authToken) {
 GSSManager manager = GSSManager.getInstance();
 try {
- GSSContext gContext = manager.createContext(Activator.getAcceptorCredentials());
+ GSSContext gContext = manager.createContext(CmsContextImpl.getAcceptorCredentials());
 if (gContext == null) {
 log.debug("SpnegoUserRealm: failed to establish GSSContext");
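Review bot: logout() only disposes the GSS context, while commit() in the same hunk copies the client principals and private credentials (including a delegated credential when getCredDelegState() is true) into the shared Subject, so they remain there after logout. Record what commit() added and remove exactly those entries in logout() and abort(); a sketch follows. In both methods `log.warn` sits behind `log.isTraceEnabled()`, so a failed dispose() is reported only when trace logging is on, and logout() reuses the message "Could not abort". In commit(), `"Cannot commit SPNEGO " + e` keeps only the exception's string form, whereas attaching it with `initCause(e)` would preserve the stack trace. commit() starts above the hunk and checkToken() continues below it, so whether commit() handles a null gssContext is not visible here.

```java
	// new fields: filled in commit() from gssSubject, just before the two addAll calls
	private Set<Principal> addedPrincipals;
	private Set<Object> addedPrivateCredentials;

	// … unchanged: commit() …

	@Override
	public boolean abort() throws LoginException {
		cleanUp("abort");
		return true;
	}

	@Override
	public boolean logout() throws LoginException {
		cleanUp("logout");
		return true;
	}

	/** Removes what commit() added to the Subject and disposes the GSS context. */
	private void cleanUp(String phase) {
		if (addedPrincipals != null)
			subject.getPrincipals().removeAll(addedPrincipals);
		if (addedPrivateCredentials != null)
			subject.getPrivateCredentials().removeAll(addedPrivateCredentials);
		addedPrincipals = null;
		addedPrivateCredentials = null;
		if (gssContext == null)
			return;
		try {
			gssContext.dispose();
		} catch (GSSException e) {
			log.warn("Could not dispose GSS context during " + phase, e);
		} finally {
			gssContext = null;
		}
	}
```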
@@ -115,4 +131,9 @@ public class SpnegoLoginModule implements LoginModule {
 return null;
 }
+
+ @Deprecated
+ public static boolean hasAcceptorCredentials() {
+ return CmsContextImpl.getAcceptorCredentials() != null;
+ }
 }
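Review bot: `hasAcceptorCredentials()` is added already marked `@Deprecated` but has no Javadoc, so a caller cannot tell why a new public static method is deprecated or what to call instead. Add a Javadoc comment with a `@deprecated` tag that names the intended replacement and states that the method only reports whether the server side has Kerberos acceptor credentials configured. If the method exists only for a transitional caller, narrowing its visibility would keep this detail of the authentication setup out of the public API.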