Clarify logged in user
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / UserAdminLoginModule.java
index aa41e108301abd0ce47abe25665586a880b5d0d6..47b36f446f003744d61d4c56e3ccc31ba6a122f6 100644 (file)
@@ -3,6 +3,7 @@ package org.argeo.cms.auth;
 import static org.argeo.api.acr.ldap.LdapAttr.cn;
 
 import java.io.IOException;
+import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -47,8 +48,8 @@ public class UserAdminLoginModule implements LoginModule {
        private CallbackHandler callbackHandler;
        private Map<String, Object> sharedState = null;
 
-       private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(),
-                       LdapAttr.uid.name(), LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
+       private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttr.mail.name(), LdapAttr.uid.name(),
+                       LdapAttr.employeeNumber.name(), LdapAttr.authPassword.name() });
 
        // private state
 //     private BundleContext bc;
@@ -102,6 +103,11 @@ public class UserAdminLoginModule implements LoginModule {
                        username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
                        password = null;
                        preauth = true;
+               } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {
+                       // single user, we assume Kerberos or other mean for commit
+                       username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
+                       password = null;
+                       preauth = true;
                } else {
 
                        // ask for username and password
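Review bot: The new branch at L27-L31 treats the mere presence of `SHARED_STATE_OS_USERNAME` in `sharedState` as a pre-authenticated identity (`preauth = true`, no password), and nothing in the hunk records which login module is expected to have put that key there or what must still verify it. The comment at L28 should state that trust boundary explicitly, e.g. `// SHARED_STATE_OS_USERNAME is expected to be set by a preceding OS/Kerberos login module in the same JAAS stack; the identity is taken on trust here and commit() must fail if no Kerberos principal backs it`. The branch also repeats the preceding `SHARED_STATE_NAME` branch line for line apart from the key; a small helper that resolves the pre-authenticated username from either key would keep the two in step. The enclosing `login()` method starts and ends outside the hunk, so whether `preauth` is later checked against a Kerberos principal cannot be confirmed from here.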
@@ -155,7 +161,7 @@ public class UserAdminLoginModule implements LoginModule {
                        return true;// expect Kerberos
 
                if (password != null) {
-                       //  TODO disabling bind for the time being,
+                       // TODO disabling bind for the time being,
                        // as it requires authorisations to be set at LDAP level
                        boolean tryBind = false;
                        // try bind first
@@ -204,7 +210,7 @@ public class UserAdminLoginModule implements LoginModule {
 //             }
                UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin();
                Authorization authorization;
-               if (callbackHandler == null) {// anonymous
+               if (callbackHandler == null && !sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {// anonymous
                        authorization = userAdmin.getAuthorization(null);
                } else if (bindAuthorization != null) {// bind
                        authorization = bindAuthorization;
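Review bot: The widened anonymous check at L49 decides from `sharedState` again rather than from the `username`/`preauth` state that `login()` already derived from the same key, so the two methods can disagree if the shared-state map is touched between `login()` and `commit()`. A one-line comment would make the intent of the extra clause clear, e.g. `// an OS user from shared state is a real user even when no callback handler was supplied`, and a private helper such as `private boolean hasOsUsername() { return sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME); }` would let both methods use the same test. Note that `sharedState` is declared with a `null` initialiser at L14, so the new clause relies on `initialize()` always having run first. The enclosing `commit()` method starts and ends outside the hunk.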
@@ -274,8 +280,21 @@ public class UserAdminLoginModule implements LoginModule {
                // Register CmsSession with initial subject
                CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
 
-               if (log.isDebugEnabled())
-                       log.debug("Logged in to CMS: " + subject);
+               if (log.isDebugEnabled()) {
+                       StringBuilder msg = new StringBuilder();
+                       msg.append("Logged in to CMS: '" + authorization + "' (" + authorization.getName() + ")\n");
+                       for (Principal principal : subject.getPrincipals()) {
+                               msg.append("  Principal: " + principal.getName()).append(" (")
+                                               .append(principal.getClass().getSimpleName()).append(")\n");
+                       }
+                       for (Object credential : subject.getPublicCredentials()) {
+                               msg.append("  Public Credential: " + credential).append(" (")
+                                               .append(credential.getClass().getSimpleName()).append(")\n");
+                       }
+                       log.debug(msg);
+               }
+//             if (log.isTraceEnabled())
+//                     log.trace(" Subject: " + subject);
                return true;
        }
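Review bot: The debug loop at L66-L69 writes the `toString()` of every public credential on the subject into the log; whether that is safe depends on what other login modules in the stack store as public credentials, which this hunk cannot show. Logging only the credential's type keeps the diagnostic value without reproducing its content, e.g. `msg.append("  Public Credential: ").append(credential.getClass().getSimpleName()).append('\n');`. The message building also mixes `+` concatenation inside `append` calls at L61, L63 and L67; one form should be used throughout, e.g. `msg.append("  Principal: ").append(principal.getName()).append(" (")`. The commented-out trace block at L72-L73 should be dropped rather than left in the code. The enclosing method starts outside the hunk.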