X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsUserAdmin.java;h=2e294722046e9aed1b9e8315cad7a36495c934dd;hb=58ec99a5ae0a63167bf378d98751a8066271758d;hp=6aa490a69ae144f9ec697a0e6c2f39b0ce482762;hpb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
index 6aa490a69..2e2947220 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@ -29,13 +29,13 @@ import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsState;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.api.cms.transaction.WorkControl;
 import org.argeo.api.cms.transaction.WorkTransaction;
 import org.argeo.cms.CmsDeployProperty;
 import org.argeo.cms.dns.DnsBrowser;
 import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
 import org.argeo.cms.osgi.useradmin.DirectoryUserAdmin;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.argeo.cms.runtime.DirectoryConf;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -54,7 +54,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
 // GSS API
- private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
+ private Path nodeKeyTab = null;
 private GSSCredential acceptorCredentials;
 private boolean singleUser = false;
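Review bot: The `nodeKeyTab` field now starts as null, and nothing at the declaration says when it receives a value. Going by the hunk at -313 it is assigned only inside `loadIpaJaasConfiguration()`, so a field comment such as `// null until loadIpaJaasConfiguration() resolves the keytab path; readers must null-check` would state the new contract where the Kerberos state is declared.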
@@ -271,7 +271,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 Optional realm = userDirectory.getRealm();
 if (realm.isPresent()) {
 loadIpaJaasConfiguration();
- if (Files.exists(nodeKeyTab)) {
+ if (nodeKeyTab != null && Files.exists(nodeKeyTab)) {
 String servicePrincipal = getKerberosServicePrincipal(realm.get());
 if (servicePrincipal != null) {
 CallbackHandler callbackHandler = new CallbackHandler() {
@@ -313,6 +313,17 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private void loadIpaJaasConfiguration() {
 if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
+ if (System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB) == null) {
+ System.setProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB,
+ KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH).toString());
+ }
+ Path kt = Paths.get(System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB));
+ if (nodeKeyTab != null) {
+ if (!nodeKeyTab.equals(kt))
+ throw new IllegalStateException("A node keytab is already set");
+ } else {
+ nodeKeyTab = kt;
+ }
 String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
 URL url = getClass().getClassLoader().getResource(jaasConfig);
 KernelUtils.setJaasConfiguration(url);
@@ -321,7 +332,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 protected String getKerberosServicePrincipal(String realm) {
- if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
+ if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
 return null;
 List dns = CmsStateImpl.getDeployProperties(cmsState, CmsDeployProperty.DNS);
 String hostname = CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.HOST);
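Review bot: When `nodeKeyTab` is null the guarded block is skipped without any trace, and the field appears to be assigned only in `loadIpaJaasConfiguration()` under the `JAVA_LOGIN_CONFIG == null` condition (hunk at -313). A deployment that supplies its own login configuration would therefore seem to run without acceptor credentials even when a keytab sits at the default instance path, which the removed initializer would have picked up. An `else` branch on this `if` with something like `log.debug("No node keytab available, Kerberos acceptor credentials not loaded for realm " + realm.get());` would make the disabled state visible; the same silent `return null` applies in `getKerberosServicePrincipal` (hunk at -321). The enclosing method starts and ends outside this hunk.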
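Review bot: The keytab location is read back from the process-wide system property and handed to `Paths.get` without validation, so whatever value `PROP_ARGEO_NODE_KRB5_KEYTAB` already holds decides which file supplies the node's Kerberos service key. An empty value is not null, so it bypasses the default and yields an empty path that resolves against the working directory; treating it as unset closes that gap, e.g. `String ktProp = System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB);` followed by `if (ktProp == null || ktProp.isEmpty())`. The `IllegalStateException` would be easier to diagnose with both paths in it, `"A node keytab is already set: " + nodeKeyTab + " (requested " + kt + ")"`, and the resolved path deserves one debug log line since it is security-relevant configuration. The closing braces of the outer `if` and of `loadIpaJaasConfiguration()` lie outside the hunk.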