X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSingleUserLoginModule.java;h=240564f9ec894b809c956829e01fc653dc8d0942;hp=0b163bac3fb9c12c98f5f85c8a2d36dde0e9abb2;hb=52a45835da8cd816ac2e2b22ee9b84101fe8fb06;hpb=48216df1d870744d4ae7486c6debe0ec626111ac diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java index 0b163bac3..240564f9e 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java @@ -2,10 +2,8 @@ package org.argeo.cms.auth; import java.net.InetAddress; import java.net.UnknownHostException; -import java.security.Principal; import java.util.Locale; import java.util.Map; -import java.util.Set; import javax.naming.ldap.LdapName; import javax.security.auth.Subject; @@ -18,11 +16,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.argeo.api.NodeConstants; -import org.argeo.api.security.DataAdminPrincipal; -import org.argeo.cms.internal.auth.ImpliedByPrincipal; import org.argeo.naming.LdapAttrs; import org.argeo.osgi.useradmin.IpaUtils; +import org.argeo.osgi.useradmin.OsUserUtils; import org.osgi.service.useradmin.Authorization; /** Login module for when the system is owned by a single user. */ @@ -50,11 +46,12 @@ public class SingleUserLoginModule implements LoginModule { @Override public boolean commit() throws LoginException { - X500Principal principal; + String authorizationName; KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class); if (kerberosPrincipal != null) { LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName()); - principal = new X500Principal(userDn.toString()); + X500Principal principal = new X500Principal(userDn.toString()); + authorizationName = principal.getName(); } else { Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME); if (username == null) @@ -67,12 +64,9 @@ public class SingleUserLoginModule implements LoginModule { hostname = "localhost"; } String baseDn = ("." + hostname).replaceAll("\\.", ",dc="); - principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn); + X500Principal principal = new X500Principal(LdapAttrs.uid + "=" + username + baseDn); + authorizationName = principal.getName(); } - Set principals = subject.getPrincipals(); - principals.add(principal); - principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal)); - principals.add(new DataAdminPrincipal()); HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST); Locale locale = Locale.getDefault(); @@ -80,8 +74,18 @@ public class SingleUserLoginModule implements LoginModule { locale = request.getLocale(); if (locale == null) locale = Locale.getDefault(); - Authorization authorization = new SingleUserAuthorization(); + Authorization authorization = new SingleUserAuthorization(authorizationName); CmsAuthUtils.addAuthorization(subject, authorization); + + // Add standard Java OS login + OsUserUtils.loginAsSystemUser(subject); + + // additional principals (must be after Authorization registration) +// Set principals = subject.getPrincipals(); +// principals.add(principal); +// principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal)); +// principals.add(new DataAdminPrincipal()); + CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale); return true;