Use no IPA JAAS as default
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 7 Nov 2017 11:13:39 +0000 (12:13 +0100)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 7 Nov 2017 11:16:25 +0000 (12:16 +0100)
org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java
org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg [new file with mode: 0644]
org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg [deleted file]
org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif

index 07c10f486045f64d0d7adf120367b2af08a93c13..10ebb603a10ea4c57a42c92418546940f4cdfe94 100644 (file)
@@ -103,25 +103,27 @@ public class CmsDeployment implements NodeDeployment {
                                deployConfig = new DeployConfig(configurationAdmin, cleanState);
                                httpExpected = deployConfig.getProps(KernelConstants.JETTY_FACTORY_PID, "default") != null;
                                try {
+                                       // Configuration[] configs = configurationAdmin
+                                       // .listConfigurations("(service.factoryPid=" +
+                                       // NodeConstants.NODE_REPOS_FACTORY_PID + ")");
+                                       // for (Configuration config : configs) {
+                                       // Object cn = config.getProperties().get(NodeConstants.CN);
+                                       // if (log.isDebugEnabled())
+                                       // log.debug("Standalone repo cn: " + cn);
+                                       // }
                                        Configuration[] configs = configurationAdmin
-                                                       .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_REPOS_FACTORY_PID + ")");
-                                       for (Configuration config : configs) {
-                                               Object cn = config.getProperties().get(NodeConstants.CN);
-                                               log.debug("Standalone repo cn: " + cn);
-                                       }
-                                       configs = configurationAdmin
                                                        .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_USER_ADMIN_PID + ")");
 
                                        boolean hasDomain = false;
                                        for (Configuration config : configs) {
                                                Object realm = config.getProperties().get(UserAdminConf.realm.name());
                                                if (realm != null) {
-                                                       log.debug("Realm: " + realm);
+                                                       log.debug("Found realm: " + realm);
                                                        hasDomain = true;
                                                }
                                        }
-                                       if (!hasDomain) {
-                                               loadNoIpaJaasConfiguration();
+                                       if (hasDomain) {
+                                               loadIpaJaasConfiguration();
                                        }
                                } catch (Exception e) {
                                        throw new CmsException("Cannot initialize config", e);
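Review bot: The block added at the top of the try (the commented-out `listConfigurations` loop over `NODE_REPOS_FACTORY_PID`) is dead code and should be deleted rather than parked as a comment; the history is already in version control. The realm check that now decides whether the IPA JAAS configuration is loaded calls `config.getProperties().get(...)` without a null guard; an OSGi `Configuration` that exists but has never been updated can return null from `getProperties()`, turning a half-created UserAdmin entry into an NPE wrapped as "Cannot initialize config" — `if (config.getProperties() == null) continue;` before the lookup keeps the decision explicit. Because this branch selects which login modules (SPNEGO/Kerberos vs. local UserAdmin only) are in force, I would also log the outcome at info rather than debug so operators can see which authentication path a node booted with. The enclosing method starts before this hunk and continues past it.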
@@ -131,13 +133,12 @@ public class CmsDeployment implements NodeDeployment {
                }.open();
        }
 
-       private void loadNoIpaJaasConfiguration() {
+       private void loadIpaJaasConfiguration() {
                if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
-                       String jaasConfig = KernelConstants.JAAS_CONFIG_NOIPA;
+                       String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
                        URL url = getClass().getClassLoader().getResource(jaasConfig);
                        KernelUtils.setJaasConfiguration(url);
-                       if (log.isDebugEnabled())
-                               log.debug("Set no-IPA JAAS configuration.");
+                       log.debug("Set IPA JAAS configuration.");
                }
        }
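Review bot: `getClass().getClassLoader().getResource(jaasConfig)` returns null if `jaas-ipa.cfg` is missing from the bundle, and that null is passed straight to `KernelUtils.setJaasConfiguration`; failing loudly is safer for an authentication setting: `if (url == null) throw new CmsException("JAAS configuration " + jaasConfig + " not found");`. When `java.security.auth.login.config` is already set the method silently does nothing, so an operator who points the JVM at an external login config gets no indication that the IPA realm definitions were skipped; an info-level log in that branch (naming the external file) would make the active configuration visible. Dropping the `isDebugEnabled` guard is harmless here since the message is a constant string.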
 
index 25e2f1d4191415a7c8190b9c2261cc2a110222cc..45f3354b89b55497885878d97f47d2ca37859af4 100644 (file)
@@ -18,7 +18,7 @@ public interface KernelConstants {
 
        // Security
        String JAAS_CONFIG = "/org/argeo/cms/internal/kernel/jaas.cfg";
-       String JAAS_CONFIG_NOIPA = "/org/argeo/cms/internal/kernel/jaas-noipa.cfg";
+       String JAAS_CONFIG_IPA = "/org/argeo/cms/internal/kernel/jaas-ipa.cfg";
 
        // Java
        String JAAS_CONFIG_PROP = "java.security.auth.login.config";
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
new file mode 100644 (file)
index 0000000..018c1bf
--- /dev/null
@@ -0,0 +1,40 @@
+USER {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
+};
+
+DATA_ADMIN {
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true;
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+KEYRING {
+    org.argeo.cms.auth.KeyringLoginModule required;
+};
+
+SINGLE_USER {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
+    org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
+Jackrabbit {
+   org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
+};
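Review bot: `debug=true` on the Krb5LoginModule in the SINGLE_USER realm enables the JDK Kerberos debug output, which prints principal names, KDC exchanges and ticket metadata to stdout; that should not ship enabled in a default configuration, so remove the option and leave it to be added locally when troubleshooting. The NODE realm loads the service's long-term key from `${osgi.instance.area}node/krb5.keytab` with `storeKey=true`; a comment above that entry stating that the keytab must be readable only by the account running the node would help whoever provisions the instance, since the file is equivalent to the service credential. In the USER realm `tryFirstPass=true` means a password entered through the web login is also tried against the KDC before falling back to UserAdminLoginModule, which is presumably intended but worth a one-line comment so the ordering is not changed accidentally.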
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-noipa.cfg
deleted file mode 100644 (file)
index e32c23f..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-USER {
-    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
-    org.argeo.cms.auth.UserAdminLoginModule sufficient;
-};
-
-ANONYMOUS {
-    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
-    org.argeo.cms.auth.AnonymousLoginModule sufficient;
-};
-
-DATA_ADMIN {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
-};
-
-NODE {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
-};
-
-KEYRING {
-    org.argeo.cms.auth.KeyringLoginModule required;
-};
-
-SINGLE_USER {
-    org.argeo.cms.auth.SingleUserLoginModule requisite;
-};
-
-Jackrabbit {
-   org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
-};
index 018c1bf9ca947f1376b045e9e94484fda498376e..e32c23f11c09f167f29a93e67e6358c738c89526 100644 (file)
@@ -1,7 +1,5 @@
 USER {
     org.argeo.cms.auth.HttpSessionLoginModule sufficient;
-    org.argeo.cms.auth.SpnegoLoginModule optional;
-    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
     org.argeo.cms.auth.UserAdminLoginModule sufficient;
 };
 
@@ -15,10 +13,6 @@ DATA_ADMIN {
 };
 
 NODE {
-    com.sun.security.auth.module.Krb5LoginModule optional
-     keyTab="${osgi.instance.area}node/krb5.keytab" 
-     useKeyTab=true
-     storeKey=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
@@ -27,11 +21,6 @@ KEYRING {
 };
 
 SINGLE_USER {
-    com.sun.security.auth.module.Krb5LoginModule optional
-     principal="${user.name}"
-     storeKey=true
-     useTicketCache=true
-     debug=true;
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };
 
index c50a483fd344d46930fc77306c397f6898d25799..d9c1fbf40e263ec878d708a1c4c820a91bf36a9c 100644 (file)
@@ -20,4 +20,8 @@ objectClass: top
 cn: userAdmin
 member: cn=admin,ou=roles,ou=node
 
+dn: cn=registering,ou=roles,ou=node
+objectClass: groupOfNames
+objectClass: top
+cn: registering
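Review bot: The new `cn=registering,ou=roles,ou=node` entry declares `objectClass: groupOfNames` but has no `member` attribute; in the standard schema (RFC 4519) `member` is a MUST attribute of groupOfNames, so a strict directory server would reject this entry, and the sibling userAdmin entry above does carry a member. If the embedded directory used here is lenient this will load, but either seed an initial member or add a comment line such as `# intentionally empty: members are added at runtime when users register` so the omission is clearly deliberate. A short comment stating what this role grants would also help, since roles under ou=node feed authorization decisions.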