X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=4c9d094802026535e7525e543eab1494af113f9c;hb=285c23f26c4d634cd139d393ebcb708187d5e960;hp=ea7d1f37082bf17f335dc27b4c02a89ffc74266c;hpb=c2366f32052deada7d96f635e86f745f438f094e;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index ea7d1f370..4c9d09480 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -26,12 +26,11 @@ import javax.security.auth.spi.LoginModule;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
-import org.argeo.cms.internal.osgi.NodeUserAdmin;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.argeo.cms.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
-import org.argeo.osgi.useradmin.IpaUtils;
 import org.argeo.osgi.useradmin.TokenUtils;
+import org.argeo.util.directory.ldap.IpaUtils;
 import org.argeo.util.naming.LdapAttrs;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
@@ -52,8 +51,8 @@ public class UserAdminLoginModule implements LoginModule {
 private CallbackHandler callbackHandler;
 private Map sharedState = null;
- private List indexedUserProperties = Arrays
- .asList(new String[] { LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() });
+ private List indexedUserProperties = Arrays.asList(new String[] { LdapAttrs.mail.name(),
+ LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() });
 // private state
 private BundleContext bc;
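Review bot: `LdapAttrs.employeeNumber` is added to `indexedUserProperties` in the `@@ -52,8 +51,8 @@` hunk without a comment saying what the list is for or what uniqueness it relies on. If, as the name suggests, these are the attributes a submitted login name is matched against (the lookup code is outside this hunk), an employee number is often predictable and may not be unique in the directory, so the lookup should fail closed when more than one entry matches. I would add a comment above the field such as `// Attributes a login name may be matched against; each must identify at most one user.` As a style point, `Arrays.asList(new String[] { ... })` can pass the values to `Arrays.asList(...)` directly, and the field can be `final`.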
@@ -91,17 +90,13 @@ public class UserAdminLoginModule implements LoginModule {
 username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
 password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
 // // TODO locale?
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_SPNEGO_TOKEN)) {
+ // SPNEGO login has succeeded, that's enough for us at this stage
+ return true;
 } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME) && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN)) {
 String certDn = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
-// LdapName ldapName;
-// try {
-// ldapName = new LdapName(certificateName);
-// } catch (InvalidNameException e) {
-// e.printStackTrace();
-// return false;
-// }
-// username = ldapName.getRdn(ldapName.size() - 1).getValue().toString();
 username = certDn;
 certificateChain = sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 password = null;
@@ -111,11 +106,6 @@ public class UserAdminLoginModule implements LoginModule {
 username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
 password = null;
 preauth = true;
-// } else if (singleUser) {
-// username = OsUserUtils.getOsUsername();
-// password = null;
-// // TODO retrieve from http session
-// locale = Locale.getDefault();
 } else {
 // ask for username and password
@@ -237,6 +227,8 @@ public class UserAdminLoginModule implements LoginModule {
 throw new LoginException("Kerberos login " + authenticatingUser.getName() + " is inconsistent with user admin login " + authenticatedUser.getName());
 }
+ if (log.isTraceEnabled())
+ log.trace("Retrieve authorization for " + authenticatingUser + "... ");
 authorization = Subject.doAs(subject, new PrivilegedAction() {
 @Override
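Review bot: The new SPNEGO branch in the `@@ -91,17 +90,13 @@` hunk returns `true` on `containsKey` alone, so the module accepts the login whenever both keys are present in `sharedState`, even if the token value is null. The comment says the SPNEGO login has succeeded, but nothing visible here establishes that; it depends on which module writes `SHARED_STATE_SPNEGO_TOKEN` and when. State that assumption in the comment, e.g. `// Trusts SHARED_STATE_SPNEGO_TOKEN: it must only be set by the SPNEGO module after the token was validated`, and test `sharedState.get(CmsAuthUtils.SHARED_STATE_SPNEGO_TOKEN) != null` instead of key presence. The early return also skips the assignments the other branches make (`username`, `password`), which the later phases presumably have to tolerate; the method body continues outside the hunk, so this cannot be checked from here. Because the branch sits ahead of the certificate-chain branch, it also takes precedence when both kinds of credential are present.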
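Review bot: In the `@@ -237,6 +227,8 @@` hunk the trace message concatenates `authenticatingUser` itself, so what reaches the log depends on that class's `toString()`, which is not visible here and belongs to an object that takes part in authentication. The exception just above uses `authenticatingUser.getName()`; provided the reference cannot be null at this point, doing the same here keeps the log to the identifier: `log.trace("Retrieve authorization for " + authenticatingUser.getName() + "... ");`. The added `if` should also get braces. The enclosing method starts and ends outside the hunk.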