Improve single user login.

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SingleUserLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java

index e3da327e6e2e4e1db08c6c004507828d0082005a..240564f9ec894b809c956829e01fc653dc8d0942 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java
@@ -2,9 +2,8 @@ package org.argeo.cms.auth;
  
  import java.net.InetAddress;
  import java.net.UnknownHostException;
-import java.security.Principal;
+import java.util.Locale;
  import java.util.Map;
-import java.util.Set;
  
  import javax.naming.ldap.LdapName;
  import javax.security.auth.Subject;
@@ -13,15 +12,16 @@ import javax.security.auth.kerberos.KerberosPrincipal;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.spi.LoginModule;
  import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
  
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
-import org.argeo.api.NodeConstants;
-import org.argeo.api.security.DataAdminPrincipal;
-import org.argeo.cms.internal.auth.ImpliedByPrincipal;
  import org.argeo.naming.LdapAttrs;
  import org.argeo.osgi.useradmin.IpaUtils;
+import org.argeo.osgi.useradmin.OsUserUtils;
+import org.osgi.service.useradmin.Authorization;
  
+/** Login module for when the system is owned by a single user. */
  public class SingleUserLoginModule implements LoginModule {
         private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
  
@@ -46,11 +46,12 @@ public class SingleUserLoginModule implements LoginModule {
  
         @Override
         public boolean commit() throws LoginException {
-               X500Principal principal;
+               String authorizationName;
                 KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
                 if (kerberosPrincipal != null) {
                         LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
-                       principal = new X500Principal(userDn.toString());
+                       X500Principal principal = new X500Principal(userDn.toString());
+                       authorizationName = principal.getName();
                 } else {
                         Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
                         if (username == null)
@@ -63,12 +64,30 @@ public class SingleUserLoginModule implements LoginModule {
                                 hostname = "localhost";
                         }
                         String baseDn = ("." + hostname).replaceAll("\\.", ",dc=");
-                       principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+                       X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn);
+                       authorizationName = principal.getName();
                 }
-               Set<Principal> principals = subject.getPrincipals();
-               principals.add(principal);
-               principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
-               principals.add(new DataAdminPrincipal());
+
+               HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+               Locale locale = Locale.getDefault();
+               if (request != null)
+                       locale = request.getLocale();
+               if (locale == null)
+                       locale = Locale.getDefault();
+               Authorization authorization = new SingleUserAuthorization(authorizationName);
+               CmsAuthUtils.addAuthorization(subject, authorization);
+               
+               // Add standard Java OS login 
+               OsUserUtils.loginAsSystemUser(subject);
+
+               // additional principals (must be after Authorization registration)
+//             Set<Principal> principals = subject.getPrincipals();
+//             principals.add(principal);
+//             principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
+//             principals.add(new DataAdminPrincipal());
+
+               CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
+
                 return true;
         }
  
@@ -79,7 +98,7 @@ public class SingleUserLoginModule implements LoginModule {
  
         @Override
         public boolean logout() throws LoginException {
-               // TODO Auto-generated method stub
+               CmsAuthUtils.cleanUp(subject);
                 return true;
         }