X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=e39918e4002d40d18584ad91819a2a86545c92e5;hb=54e74b900b1c0f7b1de0def771de35e50a8d4071;hp=e9938763927bc57b1e1e39ed549820e0c9a60c2d;hpb=5b0051363ebe9bcf34282a3cd76e65b12166e073;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index e99387639..e39918e40 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -27,9 +27,11 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.naming.LdapAttrs;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.IpaUtils;
+import org.argeo.osgi.useradmin.OsUserUtils;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.service.useradmin.Authorization;
@@ -53,6 +55,8 @@ public class UserAdminLoginModule implements LoginModule {
 
 	private Authorization bindAuthorization = null;
 
+	private boolean singleUser = Activator.isSingleUser();
+
 	@SuppressWarnings("unchecked")
 	@Override
 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
@@ -85,7 +89,11 @@ public class UserAdminLoginModule implements LoginModule {
 			username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
 			certificateChain = (X509Certificate[]) sharedState.get(CmsAuthUtils.SHARED_STATE_CERTIFICATE_CHAIN);
 			password = null;
+		} else if (singleUser) {
+			username = OsUserUtils.getOsUsername();
+			password = null;
 		} else {
+
 			// ask for username and password
 			NameCallback nameCallback = new NameCallback("User");
 			PasswordCallback passwordCallback = new PasswordCallback("Password", false);
@@ -141,8 +149,11 @@ public class UserAdminLoginModule implements LoginModule {
 			}
 		} else if (certificateChain != null) {
 			// TODO check CRLs/OSCP validity?
-			// NB: authorization in commit() will work only if an LDAP connection password is provided
-		}else {
+			// NB: authorization in commit() will work only if an LDAP connection password
+			// is provided
+		} else if (singleUser) {
+			// TODO verify IP address?
+		} else {
 			throw new CredentialNotFoundException("No credentials provided");
 		}
 
@@ -152,6 +163,9 @@ public class UserAdminLoginModule implements LoginModule {
 
 	@Override
 	public boolean commit() throws LoginException {
+		if (singleUser) {
+			OsUserUtils.loginAsSystemUser(subject);
+		}
 		UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
 		Authorization authorization;
 		if (callbackHandler == null) {// anonymous