From 3152a0fe54d407b812cab4c141936227539a33b2 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Tue, 7 Nov 2017 12:13:39 +0100
Subject: [PATCH] Use no IPA JAAS as default
---
 .../cms/internal/kernel/CmsDeployment.java | 27 ++++++++++---------
 .../cms/internal/kernel/KernelConstants.java | 2 +-
 .../kernel/{jaas-noipa.cfg => jaas-ipa.cfg} | 11 ++++++++
 .../org/argeo/cms/internal/kernel/jaas.cfg | 11 --------
 .../cms/internal/kernel/ou=roles,ou=node.ldif | 4 +++
 5 files changed, 30 insertions(+), 25 deletions(-)
 rename org.argeo.cms/src/org/argeo/cms/internal/kernel/{jaas-noipa.cfg => jaas-ipa.cfg} (59%)
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
index 07c10f486..10ebb603a 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
@@ -103,25 +103,27 @@ public class CmsDeployment implements NodeDeployment { deployConfig = new DeployConfig(configurationAdmin, cleanState); httpExpected = deployConfig.getProps(KernelConstants.JETTY_FACTORY_PID, "default") != null; try { + // Configuration[] configs = configurationAdmin + // .listConfigurations("(service.factoryPid=" + + // NodeConstants.NODE_REPOS_FACTORY_PID + ")"); + // for (Configuration config : configs) { + // Object cn = config.getProperties().get(NodeConstants.CN); + // if (log.isDebugEnabled()) + // log.debug("Standalone repo cn: " + cn); + // } Configuration[] configs = configurationAdmin - .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_REPOS_FACTORY_PID + ")"); - for (Configuration config : configs) { - Object cn = config.getProperties().get(NodeConstants.CN); - log.debug("Standalone repo cn: " + cn); - } - configs = configurationAdmin .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_USER_ADMIN_PID + ")"); boolean hasDomain = false; for (Configuration config : configs) { Object realm = config.getProperties().get(UserAdminConf.realm.name()); if (realm != null) { - log.debug("Realm: " + realm); + log.debug("Found realm: " + realm); hasDomain = true; } } - if (!hasDomain) { - loadNoIpaJaasConfiguration(); + if (hasDomain) { + loadIpaJaasConfiguration(); } } catch (Exception e) { throw new CmsException("Cannot initialize config", e); @@ -131,13 +133,12 @@ public class CmsDeployment implements NodeDeployment { }.open(); } - private void loadNoIpaJaasConfiguration() { + private void loadIpaJaasConfiguration() { if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) { - String jaasConfig = KernelConstants.JAAS_CONFIG_NOIPA; + String jaasConfig = KernelConstants.JAAS_CONFIG_IPA; URL url = getClass().getClassLoader().getResource(jaasConfig); KernelUtils.setJaasConfiguration(url); - if (log.isDebugEnabled()) - log.debug("Set no-IPA JAAS configuration."); + log.debug("Set IPA JAAS configuration."); } } 
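Review bot: The kept `for (Configuration config : configs)` loop over the user-admin configurations still dereferences `configs` without a null check, and `ConfigurationAdmin.listConfigurations(filter)` returns null rather than an empty array when nothing matches the filter, so a node that has no user-admin configuration at all hits a NullPointerException that the surrounding `catch (Exception e)` rethrows as "Cannot initialize config" instead of simply skipping the IPA JAAS configuration. Guarding the loop is a one-line change, `if (configs != null) for (Configuration config : configs) {` with the loop body unchanged. The eight `// Configuration[] configs = ...` lines added at the top of the try block are a commented-out copy of the code this same hunk deletes; commented-out code should be removed rather than kept, since version control already preserves it. The enclosing block starts before the hunk, so I cannot see whether the no-realm path sets any JAAS configuration elsewhere.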
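Review bot: In the renamed `loadIpaJaasConfiguration()`, `getClass().getClassLoader().getResource(jaasConfig)` returns null when the resource is not present in the bundle, and that null is passed straight into `KernelUtils.setJaasConfiguration(url)`; since this is the path that is supposed to install the Kerberos/SPNEGO login modules, a missing resource should fail loudly rather than be handed on. Insert `if (url == null) throw new CmsException("Cannot find JAAS configuration " + jaasConfig);` before the `setJaasConfiguration` call. The method also lost its Javadoc with the rename; a one-line summary along the lines of "Installs the IPA (Kerberos/SPNEGO) JAAS configuration unless the operator already supplied one through the java.security.auth.login.config system property, in which case the operator's configuration is left untouched" would make the precedence rule explicit. Dropping the `isDebugEnabled()` guard around the `log.debug` call is a minor style regression, since the string concatenation now runs at every log level.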
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java index 25e2f1d41..45f3354b8 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java @@ -18,7 +18,7 @@ public interface KernelConstants { // Security String JAAS_CONFIG = "/org/argeo/cms/internal/kernel/jaas.cfg"; - String JAAS_CONFIG_NOIPA = "/org/argeo/cms/internal/kernel/jaas-noipa.cfg"; + String JAAS_CONFIG_IPA = "/org/argeo/cms/internal/kernel/jaas-ipa.cfg"; // Java String JAAS_CONFIG_PROP = "java.security.auth.login.config"; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg similarity index 59% rename from org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg rename to org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg index e32c23f11..018c1bf9c 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg @@ -1,5 +1,7 @@ USER { org.argeo.cms.auth.HttpSessionLoginModule sufficient; + org.argeo.cms.auth.SpnegoLoginModule optional; + com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true; org.argeo.cms.auth.UserAdminLoginModule sufficient; }; @@ -13,6 +15,10 @@ DATA_ADMIN { }; NODE { + com.sun.security.auth.module.Krb5LoginModule optional + keyTab="${osgi.instance.area}node/krb5.keytab" + useKeyTab=true + storeKey=true; org.argeo.cms.auth.DataAdminLoginModule requisite; }; @@ -21,6 +27,11 @@ KEYRING { }; SINGLE_USER { + com.sun.security.auth.module.Krb5LoginModule optional + principal="${user.name}" + storeKey=true + useTicketCache=true + debug=true; org.argeo.cms.auth.SingleUserLoginModule requisite; }; 
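Review bot: The `SINGLE_USER` hunk of jaas-ipa.cfg ships the Krb5LoginModule with `debug=true;`, which turns on the module's diagnostic output to standard output for every single-user node that picks up this file; that output includes the principal and ticket negotiation details and, depending on the JDK release, may be considerably more verbose than an operator expects in production logs. Debug output belongs in an operator's local override, not in the default configuration, so end the option list with `useTicketCache=true;` and drop the `debug=true;` line. The `USER` and `NODE` hunks of the same file are consistent with each other and need no change; the `NODE` keytab path `${osgi.instance.area}node/krb5.keytab` relies on the instance area being resolvable at JAAS load time, which this patch does not show.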
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg index 018c1bf9c..e32c23f11 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg @@ -1,7 +1,5 @@ USER { org.argeo.cms.auth.HttpSessionLoginModule sufficient; - org.argeo.cms.auth.SpnegoLoginModule optional; - com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true; org.argeo.cms.auth.UserAdminLoginModule sufficient; }; @@ -15,10 +13,6 @@ DATA_ADMIN { }; NODE { - com.sun.security.auth.module.Krb5LoginModule optional - keyTab="${osgi.instance.area}node/krb5.keytab" - useKeyTab=true - storeKey=true; org.argeo.cms.auth.DataAdminLoginModule requisite; }; @@ -27,11 +21,6 @@ KEYRING { }; SINGLE_USER { - com.sun.security.auth.module.Krb5LoginModule optional - principal="${user.name}" - storeKey=true - useTicketCache=true - debug=true; org.argeo.cms.auth.SingleUserLoginModule requisite; }; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif b/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif index c50a483fd..d9c1fbf40 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif @@ -20,4 +20,8 @@ objectClass: top cn: userAdmin member: cn=admin,ou=roles,ou=node +dn: cn=registering,ou=roles,ou=node +objectClass: groupOfNames +objectClass: top +cn: registering -- 2.30.2
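Review bot: The new `cn=registering,ou=roles,ou=node` entry in the ldif hunk declares `objectClass: groupOfNames` but carries no `member` attribute, whereas the sibling `cn=userAdmin` entry in the same hunk does (`member: cn=admin,ou=roles,ou=node`); in the standard schema (RFC 4519) `member` is mandatory for groupOfNames, so a schema-enforcing directory would reject this entry on import. If the group is intended to start empty because membership is granted at runtime, a comment line such as `# registering: no initial members, populated at runtime` above the entry would record that, otherwise an initial `member:` value should be added. I cannot tell from the hunk which directory implementation consumes this file, so treat this as a point to confirm rather than a certain failure.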