X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=f5883a54f1035fc10608f7a5152380affa486c7a;hb=a847fccbcfed504b2526c137a46d1e0238c28cf5;hp=52a90c7a5eed86bc2f2eb5b1827b9386721cc05d;hpb=db7aecc7170c024e0e39135cf6b8aa6ce7569ccb;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 52a90c7a5..f5883a54f 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -24,12 +24,12 @@ import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
-public class UserAdminLoginModule implements LoginModule, AuthConstants {
+public class UserAdminLoginModule implements LoginModule {
 private Subject subject;
 private CallbackHandler callbackHandler;
 private Map sharedState = null;
- private boolean isAnonymous = false;
+ // private boolean isAnonymous = false;
 // private state
 private BundleContext bc;
@@ -46,8 +46,9 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 // this.subject = subject;
 this.callbackHandler = callbackHandler;
 this.sharedState = (Map) sharedState;
- if (options.containsKey("anonymous"))
- isAnonymous = Boolean.parseBoolean(options.get("anonymous").toString());
+ // if (options.containsKey("anonymous"))
+ // isAnonymous =
+ // Boolean.parseBoolean(options.get("anonymous").toString());
 } catch (Exception e) {
 throw new CmsException("Cannot initialize login module", e);
 }
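Review bot: In the initialize() hunk the `anonymous` option is now ignored without any signal, so a JAAS configuration that still sets it changes behaviour silently; anonymity is decided later in login() by `callbackHandler == null`. That makes an omitted callback handler equivalent to requesting an anonymous authorization, which is worth stating in the class Javadoc, e.g. `A null CallbackHandler selects the anonymous authorization; the former "anonymous" option is no longer read.` The commented-out field and option-parsing lines should be deleted rather than kept, since version control already holds them. initialize() starts above this hunk, so the rest of its body was not reviewed.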
@@ -55,10 +56,30 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 @Override
 public boolean login() throws LoginException {
+ Authorization sharedAuth = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
+ if (sharedAuth != null) {
+ if (callbackHandler == null && sharedAuth.getName() != null)
+ throw new LoginException("Shared authorization should be anonymous");
+ return false;
+ }
 UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
- if (isAnonymous) {
+ if (callbackHandler == null) {// anonymous
 authorization = userAdmin.getAuthorization(null);
+ sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
+ return true;
+ }
+
+ final String username;
+ final char[] password;
+ if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
+ && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
+ // TODO locale?
+ AuthenticatingUser authenticatingUser = new AuthenticatingUser(username, password);
+ authorization = userAdmin.getAuthorization(authenticatingUser);
 } else {
+ // ask for username and password
 NameCallback nameCallback = new NameCallback("User");
 PasswordCallback passwordCallback = new PasswordCallback("Password", false);
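Review bot: The new shared-credentials branch of login() sets `authorization = userAdmin.getAuthorization(authenticatingUser)` with no `hasCredential` check and no null check, so whether the name and password taken from `sharedState` are actually verified depends entirely on how the UserAdmin implementation treats `AuthenticatingUser`, which this diff does not show. If that call can return null for bad credentials, the final `return authorization != null` in the next hunk makes the module report "ignore me" rather than a failed login, and a null is stored under `SHARED_STATE_AUTHORIZATION`; adding `if (authorization == null) throw new FailedLoginException("Invalid credentials");` right after the call would make the failure explicit. The unchecked `(String)` and `(char[])` casts on shared-state values would also surface as a ClassCastException instead of a LoginException if an earlier module stored another type. login() continues past the end of this hunk.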
@@ -80,39 +101,42 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 locale = Locale.getDefault();
 UiContext.setLocale(locale);
- authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);
-
- if (authorization == null) {
- // create credentials
- final String username = nameCallback.getName();
- if (username == null || username.trim().equals("")) {
- // authorization = userAdmin.getAuthorization(null);
- throw new CredentialNotFoundException("No credentials provided");
- } else {
- char[] password = {};
- if (passwordCallback.getPassword() != null)
- password = passwordCallback.getPassword();
- else
- throw new CredentialNotFoundException("No credentials provided");
-
- User user = userAdmin.getUser(null, username);
- if (user == null)
- throw new FailedLoginException("Invalid credentials");
- if (!user.hasCredential(null, password))
- throw new FailedLoginException("Invalid credentials");
- // return false;
-
- // Log and monitor new login
- // if (log.isDebugEnabled())
- // log.debug("Logged in to CMS with username [" + username +
- // "]");
-
- authorization = userAdmin.getAuthorization(user);
- }
+ // authorization = (Authorization)
+ // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
+ //
+ // if (authorization == null) {
+ // create credentials
+ username = nameCallback.getName();
+ if (username == null || username.trim().equals("")) {
+ // authorization = userAdmin.getAuthorization(null);
+ throw new CredentialNotFoundException("No credentials provided");
 }
+ // char[] password = {};
+ if (passwordCallback.getPassword() != null)
+ password = passwordCallback.getPassword();
+ else
+ throw new CredentialNotFoundException("No credentials provided");
+ // FIXME move Argeo specific convention from user admin to here
+ User user = userAdmin.getUser(null, username);
+ if (user == null)
+ throw new FailedLoginException("Invalid credentials");
+ if (!user.hasCredential(null, password))
+ throw new FailedLoginException("Invalid credentials");
+ // return false;
+
+ // Log and monitor new login
+ // if (log.isDebugEnabled())
+ // log.debug("Logged in to CMS with username [" + username +
+ // "]");
+
+ authorization = userAdmin.getAuthorization(user);
+ assert authorization != null;
 }
- // if (!sharedState.containsKey(SHARED_STATE_AUTHORIZATION))
- // sharedState.put(SHARED_STATE_AUTHORIZATION, authorization);
+
+ // }
+ // if
+ // (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_AUTHORIZATION))
+ sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
 return authorization != null;
 }
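Review bot: The callback branch calls `passwordCallback.getPassword()` twice and never clears the callback or the returned array, so copies of the password remain on the heap after login() returns. Reading it once, `char[] pw = passwordCallback.getPassword(); passwordCallback.clearPassword();`, and zeroing that local copy once `hasCredential` has run would limit the exposure; the array taken from `sharedState` in the other branch is shared with other modules and should not be zeroed here. Separately, `assert authorization != null;` is only evaluated when the JVM runs with assertions enabled, so it documents the expectation without enforcing it, and an explicit check throwing `FailedLoginException` would. login() begins before this hunk.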