deployConfig = new DeployConfig(configurationAdmin, cleanState);
httpExpected = deployConfig.getProps(KernelConstants.JETTY_FACTORY_PID, "default") != null;
try {
+ // Configuration[] configs = configurationAdmin
+ // .listConfigurations("(service.factoryPid=" +
+ // NodeConstants.NODE_REPOS_FACTORY_PID + ")");
+ // for (Configuration config : configs) {
+ // Object cn = config.getProperties().get(NodeConstants.CN);
+ // if (log.isDebugEnabled())
+ // log.debug("Standalone repo cn: " + cn);
+ // }
Configuration[] configs = configurationAdmin
- .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_REPOS_FACTORY_PID + ")");
- for (Configuration config : configs) {
- Object cn = config.getProperties().get(NodeConstants.CN);
- log.debug("Standalone repo cn: " + cn);
- }
- configs = configurationAdmin
.listConfigurations("(service.factoryPid=" + NodeConstants.NODE_USER_ADMIN_PID + ")");
boolean hasDomain = false;
for (Configuration config : configs) {
Object realm = config.getProperties().get(UserAdminConf.realm.name());
if (realm != null) {
- log.debug("Realm: " + realm);
+ log.debug("Found realm: " + realm);
hasDomain = true;
}
}
- if (!hasDomain) {
- loadNoIpaJaasConfiguration();
+ if (hasDomain) {
+ loadIpaJaasConfiguration();
}
} catch (Exception e) {
throw new CmsException("Cannot initialize config", e);
}.open();
}
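Review bot: `configurationAdmin.listConfigurations(...)` returns `null`, not an empty array, when no configuration matches the filter, so on a node without any user-admin configuration the `for (Configuration config : configs)` loop throws a NullPointerException that the catch reports as "Cannot initialize config". Wrapping the loop in `if (configs != null)` lets the no-domain case simply leave `hasDomain` false. Because `hasDomain` now decides whether the Kerberos/SPNEGO login stack is installed, a one-line comment above the loop such as `// a realm on any user admin configuration switches JAAS to the IPA stack` would help the next reader. The commented-out repository listing added at the top of the `try` is better deleted than committed. The enclosing method starts before the visible lines.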
- private void loadNoIpaJaasConfiguration() {
+ private void loadIpaJaasConfiguration() {
if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
- String jaasConfig = KernelConstants.JAAS_CONFIG_NOIPA;
+ String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
URL url = getClass().getClassLoader().getResource(jaasConfig);
KernelUtils.setJaasConfiguration(url);
- if (log.isDebugEnabled())
- log.debug("Set no-IPA JAAS configuration.");
+ log.debug("Set IPA JAAS configuration.");
}
}
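Review bot: `loadIpaJaasConfiguration()` silently does nothing when `java.security.auth.login.config` is already set, so a node with a realm configured and a pre-set JAAS file runs without the SPNEGO/Kerberos entries unless that file happens to declare them. An `else` branch with `log.warn("JAAS configuration already set, IPA login modules not applied")`, or the logger's nearest equivalent level, would make that state visible to an operator. `getResource(jaasConfig)` also returns `null` when the resource is missing from the bundle, and the result is passed straight to `KernelUtils.setJaasConfiguration(url)`. How that helper treats `null` is not visible here, so a check for `url == null` that fails with an error naming `jaasConfig` would be safer.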
// Security
String JAAS_CONFIG = "/org/argeo/cms/internal/kernel/jaas.cfg";
- String JAAS_CONFIG_NOIPA = "/org/argeo/cms/internal/kernel/jaas-noipa.cfg";
+ String JAAS_CONFIG_IPA = "/org/argeo/cms/internal/kernel/jaas-ipa.cfg";
// Java
String JAAS_CONFIG_PROP = "java.security.auth.login.config";
--- /dev/null
+USER {
+ org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+ org.argeo.cms.auth.SpnegoLoginModule optional;
+ com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+ org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+ org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+ org.argeo.cms.auth.AnonymousLoginModule sufficient;
+};
+
+DATA_ADMIN {
+ org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+NODE {
+ com.sun.security.auth.module.Krb5LoginModule optional
+ keyTab="${osgi.instance.area}node/krb5.keytab"
+ useKeyTab=true
+ storeKey=true;
+ org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+KEYRING {
+ org.argeo.cms.auth.KeyringLoginModule required;
+};
+
+SINGLE_USER {
+ com.sun.security.auth.module.Krb5LoginModule optional
+ principal="${user.name}"
+ storeKey=true
+ useTicketCache=true
+ debug=true;
+ org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
+Jackrabbit {
+ org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
+};
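Review bot: Every entry in the new `USER` stack is `sufficient` or `optional`, so under the JAAS control-flag rules a success of `Krb5LoginModule optional tryFirstPass=true` alone makes the overall login succeed even when `UserAdminLoginModule` fails. If a Kerberos principal that is unknown to the user admin must not obtain a Subject, that needs to be enforced in the stack or in the modules' `commit()`. The intended behaviour should in any case be written as a comment above `USER {`. In `SINGLE_USER`, `debug=true` is shipped in the default file and makes `Krb5LoginModule` write login diagnostics to the process output; it should be dropped or left to a local override. In `NODE` the keytab module is `optional`, so a missing or unreadable `node/krb5.keytab` is ignored without notice. A comment there should say that the file is expected to be readable only by the node's own account.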
+++ /dev/null
-USER {
- org.argeo.cms.auth.HttpSessionLoginModule sufficient;
- org.argeo.cms.auth.UserAdminLoginModule sufficient;
-};
-
-ANONYMOUS {
- org.argeo.cms.auth.HttpSessionLoginModule sufficient;
- org.argeo.cms.auth.AnonymousLoginModule sufficient;
-};
-
-DATA_ADMIN {
- org.argeo.cms.auth.DataAdminLoginModule requisite;
-};
-
-NODE {
- org.argeo.cms.auth.DataAdminLoginModule requisite;
-};
-
-KEYRING {
- org.argeo.cms.auth.KeyringLoginModule required;
-};
-
-SINGLE_USER {
- org.argeo.cms.auth.SingleUserLoginModule requisite;
-};
-
-Jackrabbit {
- org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
-};
USER {
org.argeo.cms.auth.HttpSessionLoginModule sufficient;
- org.argeo.cms.auth.SpnegoLoginModule optional;
- com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
org.argeo.cms.auth.UserAdminLoginModule sufficient;
};
};
NODE {
- com.sun.security.auth.module.Krb5LoginModule optional
- keyTab="${osgi.instance.area}node/krb5.keytab"
- useKeyTab=true
- storeKey=true;
org.argeo.cms.auth.DataAdminLoginModule requisite;
};
};
SINGLE_USER {
- com.sun.security.auth.module.Krb5LoginModule optional
- principal="${user.name}"
- storeKey=true
- useTicketCache=true
- debug=true;
org.argeo.cms.auth.SingleUserLoginModule requisite;
};
cn: userAdmin
member: cn=admin,ou=roles,ou=node
+dn: cn=registering,ou=roles,ou=node
+objectClass: groupOfNames
+objectClass: top
+cn: registering