X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=f5883a54f1035fc10608f7a5152380affa486c7a;hb=a847fccbcfed504b2526c137a46d1e0238c28cf5;hp=d4c41022f62dff2dd07e5d138f720e7a422b8070;hpb=3a0d866fbeea3f78c293212f4b4fbaeba7dfe2bd;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index d4c41022f..f5883a54f 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -24,31 +24,31 @@ import org.osgi.service.useradmin.Authorization; import org.osgi.service.useradmin.User; import org.osgi.service.useradmin.UserAdmin; -public class UserAdminLoginModule implements LoginModule, AuthConstants { - // private final static Log log = - // LogFactory.getLog(UserAdminLoginModule.class); - // - // private Subject subject; +public class UserAdminLoginModule implements LoginModule { + private Subject subject; private CallbackHandler callbackHandler; private Map sharedState = null; - private boolean isAnonymous = false; + // private boolean isAnonymous = false; - // private HttpServletRequest request = null; + // private state private BundleContext bc; + private Authorization authorization; @SuppressWarnings("unchecked") @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { + this.subject = subject; try { bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext(); assert bc != null; // this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = (Map) sharedState; - if (options.containsKey("anonymous")) - isAnonymous = Boolean.parseBoolean(options.get("anonymous").toString()); + // if (options.containsKey("anonymous")) + // isAnonymous = + // Boolean.parseBoolean(options.get("anonymous").toString()); } catch (Exception e) { throw new CmsException("Cannot initialize login module", e); } 
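Review bot: `initialize` no longer reads the `options` map (the `anonymous` lookup is commented out, not removed), so a JAAS configuration that still sets `anonymous=true` is silently ignored and nothing in the class says what replaced it. The dead block should be deleted and the new contract stated where the state lives, e.g. on the `authorization` field: `// anonymous login is inferred from a null callbackHandler in login(); the "anonymous" option is no longer honoured`. The `// private state` comment on `bc` says nothing the declarations do not; a one-line note that `authorization` is set by `login()`, consumed by `commit()` and reset by `abort()` would be more useful. `initialize`'s body ends outside the hunk.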
@@ -56,12 +56,30 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants { @Override public boolean login() throws LoginException { + Authorization sharedAuth = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION); + if (sharedAuth != null) { + if (callbackHandler == null && sharedAuth.getName() != null) + throw new LoginException("Shared authorization should be anonymous"); + return false; + } UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class)); - Authorization authorization = null; - if (isAnonymous) { + if (callbackHandler == null) {// anonymous authorization = userAdmin.getAuthorization(null); + sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization); + return true; + } + + final String username; + final char[] password; + if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME) + && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) { + username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); + password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD); + // TODO locale? + AuthenticatingUser authenticatingUser = new AuthenticatingUser(username, password); + authorization = userAdmin.getAuthorization(authenticatingUser); } else { - // HttpRequestCallback httpCallback = new HttpRequestCallback(); + // ask for username and password NameCallback nameCallback = new NameCallback("User"); PasswordCallback passwordCallback = new PasswordCallback("Password", false); 
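Review bot: The shared-state branch of `login()` casts `SHARED_STATE_NAME` and `SHARED_STATE_PWD` straight into `username`/`password` and passes them to `userAdmin.getAuthorization(new AuthenticatingUser(username, password))` without the blank-username, null-password and `hasCredential` checks the callback branch performs, so an empty name or a null password left by a preceding module reaches the user admin instead of failing with `CredentialNotFoundException`. Unless `getAuthorization` is known to verify the password for an `AuthenticatingUser` (not visible here), the branch should apply the same guard first: `if (username == null || username.trim().isEmpty() || password == null) throw new CredentialNotFoundException("No credentials provided");`. Treating a null `callbackHandler` as the anonymous case also means a module wired without a handler by mistake now succeeds with an anonymous authorization rather than failing, which deserves a comment naming that as the intended contract. `login()` continues past the hunk.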
@@ -70,163 +88,90 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants { callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback }); } catch (IOException e) { throw new LoginException("Cannot handle callback: " + e.getMessage()); - } catch (ThreadDeath e) { - throw new ThreadDeathLoginException("Callbackhandler thread died", e); + // } catch (ThreadDeath e) { + // throw new ThreadDeathLoginException("Callbackhandler thread + // died", e); } catch (UnsupportedCallbackException e) { return false; } - // check http - // request = httpCallback.getRequest(); - // authorization = checkHttp(); - // i18n Locale locale = langCallback.getLocale(); if (locale == null) locale = Locale.getDefault(); UiContext.setLocale(locale); - authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION); - - if (authorization == null) { - // create credentials - final String username = nameCallback.getName(); - if (username == null || username.trim().equals("")) { - // authorization = userAdmin.getAuthorization(null); - throw new CredentialNotFoundException("No credentials provided"); - } else { - char[] password = {}; - if (passwordCallback.getPassword() != null) - password = passwordCallback.getPassword(); - else - throw new CredentialNotFoundException("No credentials provided"); - - User user = userAdmin.getUser(null, username); - if (user == null) - throw new FailedLoginException("Invalid credentials"); - if (!user.hasCredential(null, password)) - throw new FailedLoginException("Invalid credentials"); - // return false; - - // Log and monitor new login - // if (log.isDebugEnabled()) - // log.debug("Logged in to CMS with username [" + username + - // "]"); - - authorization = userAdmin.getAuthorization(user); - } + // authorization = (Authorization) + // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION); + // + // if (authorization == null) { + // create credentials + username = nameCallback.getName(); + if (username 
== null || username.trim().equals("")) { + // authorization = userAdmin.getAuthorization(null); + throw new CredentialNotFoundException("No credentials provided"); } + // char[] password = {}; + if (passwordCallback.getPassword() != null) + password = passwordCallback.getPassword(); + else + throw new CredentialNotFoundException("No credentials provided"); + // FIXME move Argeo specific convention from user admin to here + User user = userAdmin.getUser(null, username); + if (user == null) + throw new FailedLoginException("Invalid credentials"); + if (!user.hasCredential(null, password)) + throw new FailedLoginException("Invalid credentials"); + // return false; + + // Log and monitor new login + // if (log.isDebugEnabled()) + // log.debug("Logged in to CMS with username [" + username + + // "]"); + + authorization = userAdmin.getAuthorization(user); + assert authorization != null; } - if (!sharedState.containsKey(SHARED_STATE_AUTHORIZATION)) - sharedState.put(SHARED_STATE_AUTHORIZATION, authorization); - // subject.getPrivateCredentials().add(authorization); - return true; - } - // private Authorization checkHttp() { - // Authorization authorization = null; - // if (request != null) { - // authorization = (Authorization) - // request.getAttribute(HttpContext.AUTHORIZATION); - // if (authorization == null) { - // String sessionId = request.getSession().getId(); - // authorization = (Authorization) - // request.getSession().getAttribute(HttpContext.AUTHORIZATION); - // if (authorization == null) { - // Collection> sr; - // try { - // sr = bc.getServiceReferences(CmsSession.class, - // "(" + CmsSession.CMS_SESSION_ID + "=" + sessionId + ")"); - // } catch (InvalidSyntaxException e) { - // throw new CmsException("Cannot get CMS session for id " + sessionId, e); - // } - // if (sr.size() == 1) { - // CmsSession cmsSession = bc.getService(sr.iterator().next()); - // authorization = cmsSession.getAuthorization(); - // if (log.isTraceEnabled()) - // log.trace("Retrieved 
authorization from " + cmsSession); - // } - // } - // } - // } - // return authorization; - // } + // } + // if + // (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_AUTHORIZATION)) + sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization); + return authorization != null; + } @Override public boolean commit() throws LoginException { - // Authorization authorization = - // subject.getPrivateCredentials(Authorization.class).iterator().next(); - // if (request != null && authorization.getName() != null) { - // request.setAttribute(HttpContext.REMOTE_USER, - // authorization.getName()); - // request.setAttribute(HttpContext.AUTHORIZATION, authorization); - // - // HttpSession httpSession = request.getSession(); - // if (httpSession.getAttribute(HttpContext.AUTHORIZATION) == null) { - // - // String sessionId = request.getSession().getId(); - // Collection> sr; - // try { - // sr = bc.getServiceReferences(CmsSession.class, - // "(" + CmsSession.CMS_SESSION_ID + "=" + sessionId + ")"); - // } catch (InvalidSyntaxException e) { - // throw new CmsException("Cannot get CMS session for id " + sessionId, - // e); + // Set kerberosPrincipals = + // subject.getPrincipals(KerberosPrincipal.class); + // if (kerberosPrincipals.size() != 0) { + // KerberosPrincipal kerberosPrincipal = + // kerberosPrincipals.iterator().next(); + // System.out.println(kerberosPrincipal); + // UserAdmin userAdmin = + // bc.getService(bc.getServiceReference(UserAdmin.class)); + // User user = userAdmin.getUser(null, kerberosPrincipal.getName()); + // Authorization authorization = userAdmin.getAuthorization(user); + // sharedState.put(SHARED_STATE_AUTHORIZATION, authorization); // } - // CmsSession cmsSession; - // if (sr.size() == 1) { - // cmsSession = bc.getService(sr.iterator().next()); - // } else if (sr.size() == 0) { - // Hashtable props = new Hashtable<>(); - // props.put(CmsSession.CMS_DN, authorization.getName()); - // props.put(CmsSession.CMS_SESSION_ID, sessionId); - // 
cmsSession = new CmsSessionImpl(sessionId, authorization); - // bc.registerService(CmsSession.class, cmsSession, props); - // if (log.isDebugEnabled()) - // log.debug("Initialized " + cmsSession + " for " + - // authorization.getName()); - // } else - // throw new CmsException(sr.size() + " CMS sessions registered for " + - // sessionId); - // cmsSession.addHttpSession(request); - // if (log.isTraceEnabled()) - // log.trace("Added " + request.getServletPath() + " to " + cmsSession + - // " (" + request.getRequestURI() - // + ")"); - // httpSession.setAttribute(HttpContext.AUTHORIZATION, authorization); - // } - // subject.getPrivateCredentials().add(request.getSession()); - // } - return true; + if (authorization == null) { + return false; + // throw new LoginException("Authorization should not be null"); + } else { + CmsAuthUtils.addAuthentication(subject, authorization); + return true; + } } @Override public boolean abort() throws LoginException { - // cleanUp(); + authorization = null; return true; } @Override public boolean logout() throws LoginException { - // Set httpSession = - // subject.getPrivateCredentials(HttpSession.class); - // Iterator it = httpSession.iterator(); - // while (it.hasNext()) { - // HttpSession sess = it.next(); - // sess.setAttribute(HttpContext.AUTHORIZATION, null); - // // sess.setMaxInactiveInterval(1);// invalidate session - // - // // TODO log out CMS session - // } - // subject.getPrivateCredentials().removeAll(httpSession); - // - // cleanUp(); + CmsAuthUtils.cleanUp(subject); return true; } - - // private void cleanUp() { - // subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(Authorization.class)); - // subject = null; - // } - }
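Review bot: In the callback branch of `login()` the password copy returned by `passwordCallback.getPassword()` is kept in the `password` local and the callback's own copy is never cleared, so the cleartext outlives the `hasCredential` check for as long as the objects are reachable; after the check add `passwordCallback.clearPassword();` and zero the local copy (the shared-state branch must not be cleared, since that array belongs to the other modules). The unconditional `sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization)` followed by `return authorization != null` can store a null value in the shared state, which the earlier `sharedAuth != null` check then treats as absent while `containsKey` reports it present; guard it with `if (authorization != null)`. `login()` starts in the previous hunk.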