X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=47b36f446f003744d61d4c56e3ccc31ba6a122f6;hb=7df9a77d020b8b982aea6b899073be5003dd3232;hp=aa41e108301abd0ce47abe25665586a880b5d0d6;hpb=e4a5502f49e2a2c35d16bbc96efdffead1362a76;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index aa41e1083..47b36f446 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -3,6 +3,7 @@ package org.argeo.cms.auth;
 import static org.argeo.api.acr.ldap.LdapAttr.cn;
 import java.io.IOException;
+import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -47,8 +48,8 @@ public class UserAdminLoginModule implements LoginModule {
 private CallbackHandler callbackHandler;
 private Map sharedState = null;
- private List indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(),
- LdapAttr.uid.name(), LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
+ private List indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(), LdapAttr.uid.name(),
+ LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
 // private state
 // private BundleContext bc;
@@ -102,6 +103,11 @@ public class UserAdminLoginModule implements LoginModule {
 username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
 password = null;
 preauth = true;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {
+ // single user, we assume Kerberos or other mean for commit
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
+ password = null;
+ preauth = true;
 } else {
 // ask for username and password
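Review bot: In the `@@ -102,6 +103,11 @@` hunk the new `SHARED_STATE_OS_USERNAME` branch sets `preauth = true` with a null password only because the key is present in `sharedState`, and the value is cast to `String` without checking that it is a non-empty string. The identity is therefore exactly as trustworthy as whichever earlier module in the JAAS stack wrote that key, which the inline comment ("we assume Kerberos or other mean for commit") leaves unstated. I would reject a null or blank value with a `LoginException` before setting `preauth`, and replace the comment with something like `// pre-authenticated: this key is only set by the OS login module stacked before this one, never from request data`. The branch body duplicates the `SHARED_STATE_NAME` branch above it, and the rest of the login method lies outside the hunk.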
@@ -155,7 +161,7 @@ public class UserAdminLoginModule implements LoginModule {
 return true;// expect Kerberos
 if (password != null) {
- // TODO disabling bind for the time being,
+ // TODO disabling bind for the time being,
 // as it requires authorisations to be set at LDAP level
 boolean tryBind = false;
 // try bind first
@@ -204,7 +210,7 @@ public class UserAdminLoginModule implements LoginModule {
 // }
 UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin();
 Authorization authorization;
- if (callbackHandler == null) {// anonymous
+ if (callbackHandler == null && !sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {// anonymous
 authorization = userAdmin.getAuthorization(null);
 } else if (bindAuthorization != null) {// bind
 authorization = bindAuthorization;
@@ -274,8 +280,21 @@ public class UserAdminLoginModule implements LoginModule {
 // Register CmsSession with initial subject
 CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
- if (log.isDebugEnabled())
- log.debug("Logged in to CMS: " + subject);
+ if (log.isDebugEnabled()) {
+ StringBuilder msg = new StringBuilder();
+ msg.append("Logged in to CMS: '" + authorization + "' (" + authorization.getName() + ")\n");
+ for (Principal principal : subject.getPrincipals()) {
+ msg.append(" Principal: " + principal.getName()).append(" (")
+ .append(principal.getClass().getSimpleName()).append(")\n");
+ }
+ for (Object credential : subject.getPublicCredentials()) {
+ msg.append(" Public Credential: " + credential).append(" (")
+ .append(credential.getClass().getSimpleName()).append(")\n");
+ }
+ log.debug(msg);
+ }
+// if (log.isTraceEnabled())
+// log.trace(" Subject: " + subject);
 return true;
 }
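Review bot: In the `@@ -204,7 +210,7 @@` hunk the widened condition re-derives the "OS user" decision from `sharedState` at commit time instead of using what the login step actually accepted, and it dereferences a field that the declaration earlier in this diff initialises to `null`. When both `SHARED_STATE_NAME` and `SHARED_STATE_OS_USERNAME` are present, the login step takes its first branch while this test keys on the second, so the two places can reach different conclusions about how the user was authenticated. I would record the decision once where `preauth` is set, in a field such as `osUserPreauth` (suggested name), and test `callbackHandler == null && !osUserPreauth` here. The trailing `// anonymous` comment should then read `// anonymous (no handler and no OS-authenticated user)`. The remaining branches of this if/else chain are outside the hunk, so which authorization an OS user finally receives cannot be confirmed from here.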
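Review bot: In the `@@ -274,8 +280,21 @@` hunk the debug message appends every public credential through its `toString()`, so whatever those objects print is written to the log whenever debug is enabled; the hunk does not show which credential types are attached to the subject. The type alone is enough to diagnose a login, e.g. `msg.append(" Public Credential: ").append(credential.getClass().getSimpleName()).append('\n');`. Principal names and `authorization.getName()` are also written unescaped, so a directory value containing a line break would split the entry into misleading extra lines; replacing CR/LF before appending avoids that. The two commented-out `log.trace` lines are better dropped than committed.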