Start improving single-user login

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SingleUserLoginModule.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
index 956987d52ddde586d7b9ff8cf370e1608dc8b72a..10e091ead0a4953e2236f2ad4860c5d04ba277c2 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
@@ -1,7 +1,5 @@
 package org.argeo.cms.auth;
 
-import java.net.InetAddress;
-import java.net.UnknownHostException;
 import java.util.Locale;
 import java.util.Map;
 
@@ -9,20 +7,20 @@ import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.CredentialException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.api.cms.CmsLog;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.cms.directory.ldap.IpaUtils;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.OsUserUtils;
-import org.argeo.util.directory.ldap.IpaUtils;
-import org.argeo.util.naming.LdapAttrs;
+import org.argeo.cms.osgi.useradmin.OsUserUtils;
 import org.osgi.service.useradmin.Authorization;
 
 /** Login module for when the system is owned by a single user. */
 public class SingleUserLoginModule implements LoginModule {
-       private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
+//     private final static CmsLog log = CmsLog.getLog(SingleUserLoginModule.class);
 
        private Subject subject;
        private Map<String, Object> sharedState = null;
@@ -38,8 +36,12 @@ public class SingleUserLoginModule implements LoginModule {
        @Override
        public boolean login() throws LoginException {
                String username = System.getProperty("user.name");
-               if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
-                       sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+               if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)
+                               && !username.equals(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME)))
+                       throw new CredentialException(
+                                       "OS username already set with " + sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME));
+               if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME))
+                       sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username);
                return true;
        }
 
@@ -52,12 +54,12 @@ public class SingleUserLoginModule implements LoginModule {
                        X500Principal principal = new X500Principal(userDn.toString());
                        authorizationName = principal.getName();
                } else {
-                       Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+                       Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
                        if (username == null)
                                throw new LoginException("No username available");
                        String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
                        String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
-                       X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+                       X500Principal principal = new X500Principal(LdapAttr.uid + "=" + username + baseDn);
                        authorizationName = principal.getName();
                }