X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=4b72903e22ae3dc66933ca0e91e267ff7b13b581;hb=ecf8ab7382eadecab5a93261f261d0fd2168ffa8;hp=cdb0f4ca27edfff0ad89340753d357ab097c09d7;hpb=b6e64316eb5472b68f4673cbda3f1e375defe8fe;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index cdb0f4ca2..4b72903e2 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -27,11 +27,10 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.CryptoKeyring;
 import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.naming.LdapAttrs;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.IpaUtils;
 import org.argeo.osgi.useradmin.OsUserUtils;
@@ -44,6 +43,10 @@ import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
+/**
+ * Use the {@link UserAdmin} in the OSGi registry as the basis for
+ * authentication.
+ */
 public class UserAdminLoginModule implements LoginModule {
 	private final static Log log = LogFactory.getLog(UserAdminLoginModule.class);
 
@@ -73,7 +76,7 @@ public class UserAdminLoginModule implements LoginModule {
 			this.callbackHandler = callbackHandler;
 			this.sharedState = (Map<String, Object>) sharedState;
 		} catch (Exception e) {
-			throw new CmsException("Cannot initialize login module", e);
+			throw new IllegalStateException("Cannot initialize login module", e);
 		}
 	}
 
@@ -83,6 +86,7 @@ public class UserAdminLoginModule implements LoginModule {
 		final String username;
 		final char[] password;
 		Object certificateChain = null;
+		boolean preauth = false;
 		if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
 				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
 			// NB: required by Basic http auth
@@ -103,9 +107,17 @@ public class UserAdminLoginModule implements LoginModule {
 			username = certDn;
 			certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 			password = null;
+		} else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_ADDR)
+				&& sharedState.containsKey(CmsAuthUtils.SHARED_STATE_REMOTE_PORT)) {// ident
+			username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+			password = null;
+			preauth = true;
 		} else if (singleUser) {
 			username = OsUserUtils.getOsUsername();
 			password = null;
+			// TODO retrieve from http session
+			locale = Locale.getDefault();
 		} else {
 
 			// ask for username and password
@@ -184,6 +196,8 @@ public class UserAdminLoginModule implements LoginModule {
 			// is provided
 		} else if (singleUser) {
 			// TODO verify IP address?
+		} else if (preauth) {
+			// ident
 		} else {
 			throw new CredentialNotFoundException("No credentials provided");
 		}
@@ -194,9 +208,7 @@ public class UserAdminLoginModule implements LoginModule {
 
 	@Override
 	public boolean commit() throws LoginException {
-		if (locale == null)
-			subject.getPublicCredentials().add(Locale.getDefault());
-		else
+		if (locale != null)
 			subject.getPublicCredentials().add(locale);
 
 		if (singleUser) {
@@ -215,7 +227,7 @@ public class UserAdminLoginModule implements LoginModule {
 				if (authenticatedUser == null) {
 					if (log.isTraceEnabled())
 						log.trace("Neither kerberos nor user admin login succeeded. Login failed.");
-					return false;
+					throw new CredentialNotFoundException("Bad credentials.");
 				} else {
 					authenticatingUser = authenticatedUser;
 				}
@@ -286,8 +298,6 @@ public class UserAdminLoginModule implements LoginModule {
 	public boolean logout() throws LoginException {
 		if (log.isTraceEnabled())
 			log.trace("Logging out from CMS... " + subject);
-		// boolean httpSessionLogoutOk = CmsAuthUtils.logoutSession(bc,
-		// subject);
 		CmsAuthUtils.cleanUp(subject);
 		return true;
 	}
@@ -345,7 +355,9 @@ public class UserAdminLoginModule implements LoginModule {
 //				return null;
 //			}
 //		}
-		Authorization auth = userAdmin.getAuthorization(tokenGroup);
+		String userDn = TokenUtils.userDn(tokenGroup);
+		User user = (User) userAdmin.getRole(userDn);
+		Authorization auth = userAdmin.getAuthorization(user);
 		return auth;
 	}
 }