X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsUserAdmin.java;h=2e294722046e9aed1b9e8315cad7a36495c934dd;hb=58ec99a5ae0a63167bf378d98751a8066271758d;hp=ecb7b8c1c3355afe214ca32b933651b6f863bf42;hpb=79c14508549e1af042485b4f888a3c54f5a68833;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
index ecb7b8c1c..2e2947220 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@ -29,14 +29,14 @@ import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsState;
+import org.argeo.api.cms.directory.UserDirectory;
+import org.argeo.api.cms.transaction.WorkControl;
+import org.argeo.api.cms.transaction.WorkTransaction;
 import org.argeo.cms.CmsDeployProperty;
-import org.argeo.osgi.useradmin.AggregatingUserAdmin;
-import org.argeo.osgi.useradmin.DirectoryUserAdmin;
-import org.argeo.osgi.useradmin.UserDirectory;
-import org.argeo.util.directory.DirectoryConf;
-import org.argeo.util.naming.dns.DnsBrowser;
-import org.argeo.util.transaction.WorkControl;
-import org.argeo.util.transaction.WorkTransaction;
+import org.argeo.cms.dns.DnsBrowser;
+import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
+import org.argeo.cms.osgi.useradmin.DirectoryUserAdmin;
+import org.argeo.cms.runtime.DirectoryConf;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -54,7 +54,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
 // GSS API
- private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
+ private Path nodeKeyTab = null;
 private GSSCredential acceptorCredentials;
 private boolean singleUser = false;
@@ -65,7 +65,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private CmsState cmsState;
 public CmsUserAdmin() {
- super(CmsConstants.ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
+ super(CmsConstants.SYSTEM_ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
 }
 public void start() {
@@ -93,7 +93,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 // node roles
 String nodeRolesUri = null;// getFrameworkProp(CmsConstants.ROLES_URI);
- String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = CmsConstants.SYSTEM_ROLES_BASEDN;
 if (nodeRolesUri == null && nodeBase != null) {
 nodeRolesUri = baseNodeRoleDn + ".ldif";
 Path nodeRolesFile = nodeBase.resolve(nodeRolesUri);
@@ -219,14 +219,14 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 // } else {
 // throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
 // }
- String basePath = userDirectory.getContext();
+ String basePath = userDirectory.getBase();
 addUserDirectory(userDirectory);
 if (isSystemRolesBaseDn(basePath)) {
 addStandardSystemRoles();
 }
 if (log.isDebugEnabled()) {
- log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "")
+ log.debug("User directory " + userDirectory.getBase() + (u != null ? " [" + u.getScheme() + "]" : "")
 + " enabled." + (realm != null ? " " + realm + " realm." : ""));
 }
 return userDirectory;
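Review bot: The `nodeKeyTab` field is now declared as `null` with its initializer removed, but nothing at the declaration says who assigns it or when, so a reader of the later `nodeKeyTab == null` guards cannot tell whether null is a transient startup state or a permanent "no keytab" state. As far as this diff shows, the only assignment is the lazy one added inside `loadIpaJaasConfiguration()`, and only on the branch where no custom JAAS login configuration is deployed. I would document that above the field: `// Resolved lazily from PROP_ARGEO_NODE_KRB5_KEYTAB by loadIpaJaasConfiguration(); stays null when a custom JAVA_LOGIN_CONFIG is deployed`. The enclosing class body runs past both ends of this hunk.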
@@ -271,7 +271,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 Optional realm = userDirectory.getRealm();
 if (realm.isPresent()) {
 loadIpaJaasConfiguration();
- if (Files.exists(nodeKeyTab)) {
+ if (nodeKeyTab != null && Files.exists(nodeKeyTab)) {
 String servicePrincipal = getKerberosServicePrincipal(realm.get());
 if (servicePrincipal != null) {
 CallbackHandler callbackHandler = new CallbackHandler() {
@@ -313,6 +313,17 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private void loadIpaJaasConfiguration() {
 if (CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
+ if (System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB) == null) {
+ System.setProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB,
+ KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH).toString());
+ }
+ Path kt = Paths.get(System.getProperty(KernelConstants.PROP_ARGEO_NODE_KRB5_KEYTAB));
+ if (nodeKeyTab != null) {
+ if (!nodeKeyTab.equals(kt))
+ throw new IllegalStateException("A node keytab is already set");
+ } else {
+ nodeKeyTab = kt;
+ }
 String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
 URL url = getClass().getClassLoader().getResource(jaasConfig);
 KernelUtils.setJaasConfiguration(url);
@@ -321,7 +332,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 protected String getKerberosServicePrincipal(String realm) {
- if (!Files.exists(nodeKeyTab))
+ if (nodeKeyTab == null || !Files.exists(nodeKeyTab))
 return null;
 List dns = CmsStateImpl.getDeployProperties(cmsState, CmsDeployProperty.DNS);
 String hostname = CmsStateImpl.getDeployProperty(cmsState, CmsDeployProperty.HOST);
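Review bot: `nodeKeyTab` is only assigned inside the `if (... JAVA_LOGIN_CONFIG) == null)` branch of `loadIpaJaasConfiguration()`, so a deployment that ships its own JAAS login configuration never gets a keytab path, and the `nodeKeyTab != null && Files.exists(nodeKeyTab)` guard in the hunk above then skips acceptor-credential setup that the removed field initializer (`KernelUtils.getOsgiInstancePath(NODE_KEY_TAB_PATH)`) used to enable unconditionally; if that is not the intent, resolve the keytab path before the JAVA_LOGIN_CONFIG check. Two smaller points in the added block: `Paths.get(System.getProperty(...))` throws an unchecked `InvalidPathException` on a malformed property value, and `nodeKeyTab.equals(kt)` compares paths lexically, so `conf/../node.keytab` and `node.keytab` are reported as a conflict. I would compare `toAbsolutePath().normalize()` forms and put both paths in the message, e.g. `throw new IllegalStateException("A node keytab is already set: " + nodeKeyTab + " (requested " + kt + ")");` — keytab paths are not secret, only their contents are. Since this is where the keytab location is decided, it is also the natural place for a warning if the file is group- or world-readable (it holds the service's long-term Kerberos keys), guarded for non-POSIX file systems. `loadIpaJaasConfiguration()` continues past the end of the hunk.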
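Review bot: The new `nodeKeyTab == null` leg of the guard in `getKerberosServicePrincipal` returns null silently both when no keytab path was ever resolved and when the configured file is missing, which makes a Kerberos misconfiguration hard to trace from the logs. A debug-level message distinguishing the two before the early return would help, e.g. `if (log.isDebugEnabled()) log.debug(nodeKeyTab == null ? "No node keytab configured" : "Node keytab not found: " + nodeKeyTab);` using the class's existing `log`. The method body continues past the end of the hunk.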