import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.useradmin.Authorization;
bc = FrameworkUtil.getBundle(AnonymousLoginModule.class).getBundleContext();
assert bc != null;
} catch (Exception e) {
- throw new CmsException("Cannot initialize login module", e);
+ throw new IllegalStateException("Cannot initialize login module", e);
}
}
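Review bot: `assert bc != null;` at L8 is a no-op unless the JVM runs with `-ea`, so a missing bundle context is not caught in initialize() and only surfaces later as a NullPointerException somewhere in the module. Replace it with an explicit check that the surrounding `catch (Exception e)` turns into the new IllegalStateException, `if (bc == null) throw new IllegalStateException("No bundle context for " + AnonymousLoginModule.class.getName());`. The enclosing initialize() starts before the hunk.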
@Override
public boolean abort() throws LoginException {
- // authorization = null;
return true;
}
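Review bot: abort() at L15–L18 returns true without undoing anything, and the only hint of cleanup (`// authorization = null;`) is deleted by this commit; the JAAS contract expects abort() to discard whatever login() recorded when the overall authentication fails. login() for this module is outside the hunk, so if it writes into sharedState or the subject that state now survives a failed login. If it really records nothing, say so where the deleted comment was, `// nothing to undo: login() keeps no state`.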
import org.argeo.api.security.AnonymousPrincipal;
import org.argeo.api.security.DataAdminPrincipal;
import org.argeo.api.security.NodeSecurityUtils;
-//import org.apache.jackrabbit.core.security.AnonymousPrincipal;
-//import org.apache.jackrabbit.core.security.SecurityConstants;
-//import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.CmsException;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.http.WebCmsSessionImpl;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
+/** Centrlaises security related registrations. */
class CmsAuthUtils {
// Standard
final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
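Review bot: The new class Javadoc at L31 is misspelled; `/** Centralises security-related registrations. */`. Since the class is package-private and its `addAuthorization`, `registerSessionAuthorization` and `cleanUp` methods appear to be what every login module in this commit calls for subject bookkeeping, a second sentence naming that role would help a reader more than the current one-liner.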
NodeSecurityUtils.checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
- // principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
- // userPrincipal));
if (Activator.isSingleUser()) {
principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_ADMIN_NAME, userPrincipal));
}
} catch (InvalidNameException e) {
- throw new CmsException("Cannot commit", e);
+ throw new IllegalArgumentException("Cannot commit", e);
}
-
- // registerSessionAuthorization(request, subject, authorization, locale);
}
private static void checkSubjectEmpty(Subject subject) {
cmsSession.close();
cmsSession = null;
} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
- throw new CmsException("Inconsistent user " + authorization.getName()
+ throw new IllegalStateException("Inconsistent user " + authorization.getName()
+ " for existing CMS session " + cmsSession);
}
// keyring
UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
.getUuid();
// if (storedSessionId.equals(httpSessionId.getValue()))
- throw new CmsException(
+ throw new IllegalStateException(
"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
}
}
sr = bc.getServiceReferences(CmsSession.class,
"(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + httpSessionId, e);
+ throw new IllegalArgumentException("Cannot get CMS session for id " + httpSessionId, e);
}
CmsSession cmsSession;
if (sr.size() == 1) {
} else if (sr.size() == 0)
return null;
else
- throw new CmsException(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
+ throw new IllegalStateException(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
return cmsSession;
}
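Review bot: The service filter at L68 is assembled by string concatenation, so any `*`, `(`, `)` or `\` in httpSessionId changes the query — a `*` would match several CmsSession registrations and trip the `>1 web sessions` branch at L78, and a stray parenthesis is what produces the new IllegalArgumentException at L71. The id is container-generated, so the risk is low, but escaping those four characters per the OSGi filter grammar before concatenation keeps the lookup exact. Separately, the messages at L70 and L78 embed the full HTTP session id; if these exceptions reach log files or error pages that is a session-identifier leak, so prefer a truncated or hashed form of the id there. The enclosing method and the `sr` declaration start before the hunk.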
import javax.security.auth.Subject;
-import org.argeo.cms.CmsException;
-
/**
* The ID of a {@link CmsSession}, which must be available in the private
* credentials of an authenticated {@link Subject}.
public CmsSessionId(UUID value) {
if (value == null)
- throw new CmsException("value cannot be null");
+ throw new IllegalArgumentException("Value cannot be null");
this.uuid = value;
}
import javax.security.auth.x500.X500Principal;
import org.argeo.api.NodeConstants;
-import org.argeo.cms.CmsException;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.kernel.Activator;
* context.
*/
public final class CurrentUser {
- // private final static Log log = LogFactory.getLog(CurrentUser.class);
- // private final static BundleContext bc =
- // FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
/*
* CURRENT USER API
*/
public final static String getUsername(Subject subject) {
if (subject == null)
- throw new CmsException("Subject cannot be null");
+ throw new IllegalArgumentException("Subject cannot be null");
if (subject.getPrincipals(X500Principal.class).size() != 1)
return NodeConstants.ROLE_ANONYMOUS;
Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
* HELPERS
*/
private static Subject currentSubject() {
- // CmsAuthenticated cmsView = getNodeAuthenticated();
- // if (cmsView != null)
- // return cmsView.getSubject();
Subject subject = getAccessControllerSubject();
if (subject != null)
return subject;
- throw new CmsException("Cannot find related subject");
+ throw new IllegalStateException("Cannot find related subject");
}
private static Subject getAccessControllerSubject() {
return Subject.getSubject(AccessController.getContext());
}
- // public static boolean isAuthenticated() {
- // return getAccessControllerSubject() != null;
- // }
-
- /**
- * The node authenticated component (typically a CMS view) related to this
- * display, or null if none is available from this call. <b>Not API: Only for
- * low-level access.</b>
- */
- // private static CmsAuthenticated getNodeAuthenticated() {
- // return UiContext.getData(CmsAuthenticated.KEY);
- // }
-
private static Authorization getAuthorization(Subject subject) {
return subject.getPrivateCredentials(Authorization.class).iterator().next();
}
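Review bot: `getAuthorization` at L144–L146 reports a subject that carries no Authorization credential as a bare NoSuchElementException from `iterator().next()`, while the commit standardises the neighbouring `currentSubject()` on IllegalStateException for the equivalent "no subject" case at L126. Check before dereferencing, `if (subject.getPrivateCredentials(Authorization.class).isEmpty()) throw new IllegalStateException("No authorization for subject");`, so callers get one exception family for both failures. Avoid concatenating the Subject into that message: `Subject.toString()` includes private credentials when the security manager allows it, so such a message should not be allowed to reach logs.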
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+/** Retrieves credentials from an HTTP request. */
public class HttpRequestCallback implements Callback {
private HttpServletRequest request;
private HttpServletResponse response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
import org.argeo.cms.internal.kernel.Activator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, login);
sharedState.put(CmsAuthUtils.SHARED_STATE_PWD, password);
} else {
- throw new CmsException("Invalid authentication token");
+ throw new IllegalStateException("Invalid authentication token");
}
} catch (Exception e) {
- throw new CmsException("Couldn't retrieve authentication", e);
+ throw new IllegalStateException("Couldn't retrieve authentication", e);
}
} else if (basic.equalsIgnoreCase("Negotiate")) {
String spnegoToken = st.nextToken();
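Review bot: The `throw new IllegalStateException("Invalid authentication token")` at L163 sits inside the try whose catch-all at L165 rewraps every Exception, so a caller only ever sees "Couldn't retrieve authentication" with the real reason buried one level down as the cause. A malformed Basic header is client input rather than a server-state problem, so IllegalStateException is also the wrong family; narrow the catch at L165 to the exceptions the decoding step actually throws and let an `IllegalArgumentException("Invalid authentication token")` pass through unchanged, keeping the two cases distinct. The Negotiate branch at L170 calls `st.nextToken()` unguarded, which raises NoSuchElementException for a bare `Authorization: Negotiate` header; test `st.hasMoreTokens()` first. The decoding code and the enclosing method start before the hunk.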
import org.osgi.service.useradmin.Authorization;
+/**
+ * {@link Authorization} for a single user.
+ *
+ * @see SingleUserLoginModule
+ */
public class SingleUserAuthorization implements Authorization {
@Override
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
+import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.osgi.useradmin.IpaUtils;
import org.osgi.service.useradmin.Authorization;
+/** Login module for when the system is owned by a single user. */
public class SingleUserLoginModule implements LoginModule {
private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);
principals.add(principal);
principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
principals.add(new DataAdminPrincipal());
-
+
+ HttpServletRequest request = (HttpServletRequest) sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST);
+ Locale locale = Locale.getDefault();
+ if (request != null)
+ locale = request.getLocale();
+ if (locale == null)
+ locale = Locale.getDefault();
Authorization authorization = new SingleUserAuthorization();
- subject.getPrivateCredentials().add(authorization);
+ CmsAuthUtils.addAuthorization(subject, authorization);
+ CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
return true;
}
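Review bot: `request` at L201 may be null — L203 tests exactly that — yet it is passed unconditionally to `CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale)` at L210; registerSessionAuthorization is not in the hunk, so either it is documented to accept null or this call should be wrapped in `if (request != null)`. The cast at L201 is unchecked, so anything other than an HttpServletRequest stored under SHARED_STATE_HTTP_REQUEST fails the login module with a ClassCastException rather than a LoginException; an `instanceof` test would be safer. Note that this commit() grants ROLE_ADMIN and DataAdminPrincipal (L197–L198) to whatever login() accepted, and login() is outside the hunk, so confirm that a web request can only reach this module in a deployment that is genuinely single-user. The `locale == null` check at L205 is harmless but dead: the Servlet API specifies that `getLocale()` falls back to the server default instead of returning null.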
@Override
public boolean logout() throws LoginException {
- // TODO Auto-generated method stub
+ CmsAuthUtils.cleanUp(subject);
return true;
}
import org.apache.commons.logging.LogFactory;
import org.argeo.api.NodeConstants;
import org.argeo.api.security.CryptoKeyring;
-import org.argeo.cms.CmsException;
import org.argeo.cms.internal.kernel.Activator;
import org.argeo.naming.LdapAttrs;
import org.argeo.osgi.useradmin.AuthenticatingUser;
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>) sharedState;
} catch (Exception e) {
- throw new CmsException("Cannot initialize login module", e);
+ throw new IllegalStateException("Cannot initialize login module", e);
}
}
} else if (singleUser) {
username = OsUserUtils.getOsUsername();
password = null;
+ // TODO retrieve from http session
+ locale = Locale.getDefault();
} else {
// ask for username and password
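Review bot: The new TODO at L236–L237 forces `Locale.getDefault()` in the singleUser branch, although SingleUserLoginModule in this same commit already resolves the request locale from `sharedState.get(CmsAuthUtils.SHARED_STATE_HTTP_REQUEST)`; the same lookup here would close the TODO instead of leaving two modules with different behaviour for the same case. If the request is intentionally not consulted for the OS user, say why in the comment rather than leaving a bare TODO. The enclosing login() starts before and continues after the hunk.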
@Override
public boolean commit() throws LoginException {
- if (locale == null)
- subject.getPublicCredentials().add(Locale.getDefault());
- else
+ if (locale != null)
subject.getPublicCredentials().add(locale);
if (singleUser) {
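Review bot: After this change commit() adds no Locale to the public credentials when `locale` is null (L245–L246), whereas before it fell back to `Locale.getDefault()`; any consumer that reads it with `subject.getPublicCredentials(Locale.class).iterator().next()` — the pattern this codebase uses for Authorization — will now throw NoSuchElementException for such subjects. If a missing locale is meant to mean "not known", document that on commit(), `/** Publishes the locale only when one was negotiated during login(). */`, and make sure readers tolerate its absence; otherwise keep the fallback. commit() continues beyond the hunk.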
public boolean logout() throws LoginException {
if (log.isTraceEnabled())
log.trace("Logging out from CMS... " + subject);
- // boolean httpSessionLogoutOk = CmsAuthUtils.logoutSession(bc,
- // subject);
CmsAuthUtils.cleanUp(subject);
return true;
}
import javax.naming.ldap.Rdn;
import org.argeo.api.NodeConstants;
-import org.argeo.cms.CmsException;
import org.argeo.naming.LdapAttrs;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
|| last.getType().toLowerCase().equals(LdapAttrs.cn.name()))
return (String) last.getValue();
else
- throw new CmsException("Cannot retrieve user local id, non valid dn: " + dn);
+ throw new IllegalArgumentException("Cannot retrieve user local id, non valid dn: " + dn);
}
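Review bot: `last.getType().toLowerCase()` at L262 uses the JVM default locale, so under a Turkish-style locale an upper-case attribute type containing `I` lower-cases to a dotless `ı`, no longer equals the expected name, and the DN is then rejected with the new IllegalArgumentException at L266. Compare case-insensitively instead, `last.getType().equalsIgnoreCase(LdapAttrs.cn.name())`, or lower-case with `Locale.ROOT`; the other operand of the `||` (before the hunk) presumably needs the same treatment. The enclosing method starts before the hunk.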
/**
try {
return new LdapName(dn);
} catch (InvalidNameException e) {
- throw new CmsException("Cannot parse LDAP name " + dn, e);
+ throw new IllegalArgumentException("Cannot parse LDAP name " + dn, e);
}
}
}
return dname;
} catch (InvalidNameException e) {
- throw new CmsException("Unable to get domain name for " + dn, e);
+ throw new IllegalArgumentException("Unable to get domain name for " + dn, e);
}
}
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.useradmin.Authorization;
+/** Default CMS session implementation. */
public class CmsSessionImpl implements CmsSession {
private final static BundleContext bc = FrameworkUtil.getBundle(CmsSessionImpl.class).getBundleContext();
private final static Log log = LogFactory.getLog(CmsSessionImpl.class);
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import org.argeo.cms.CmsException;
-
/** Callback handler to be used with a command line UI. */
public class ConsoleCallbackHandler implements CallbackHandler {
@Override
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
Console console = System.console();
if (console == null)
- throw new CmsException("No console available");
+ throw new IllegalStateException("No console available");
PrintWriter writer = console.writer();
for (int i = 0; i < callbacks.length; i++) {
writer.write(" (" + callback.getDefaultName() + ")");
writer.write(" : ");
String answer = console.readLine();
- if (callback.getDefaultName() != null
- && answer.trim().equals(""))
+ if (callback.getDefaultName() != null && answer.trim().equals(""))
callback.setName(callback.getDefaultName());
else
callback.setName(answer);
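Review bot: `console.readLine()` at L307 returns null when the console reaches end-of-stream, and `answer.trim()` on L310 then throws NullPointerException instead of a meaningful error; treat null as end of input, `if (answer == null) throw new IOException("Console input closed");`, which handle() is already declared to throw. `answer.trim().equals("")` reads better as `answer.trim().isEmpty()`. The loop over callbacks and the NameCallback branch start before the hunk.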
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
-import org.argeo.cms.CmsException;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Role;
try {
this.name = new LdapName(name);
} catch (InvalidNameException e) {
- throw new CmsException("Badly formatted role name", e);
+ throw new IllegalArgumentException("Badly formatted role name", e);
}
if (userPrincipal != null)
causes.add(userPrincipal);
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.osgi.service.useradmin.Authorization;
+/** CMS session implementation in a web context. */
public class WebCmsSessionImpl extends CmsSessionImpl {
// private final static Log log =
// LogFactory.getLog(WebCmsSessionImpl.class);
private HttpSession httpSession;
- public WebCmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale, HttpServletRequest request) {
- super(initialSubject, authorization, locale,request.getSession(false).getId());
+ public WebCmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale,
+ HttpServletRequest request) {
+ super(initialSubject, authorization, locale, request.getSession(false).getId());
httpSession = request.getSession(false);
}
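Review bot: The constructor dereferences `request.getSession(false)` twice (L338, L339) without a null check, so a request that carries no HTTP session fails with a NullPointerException inside the super-call rather than a clear error, and the two calls could observe different results if the session is invalidated in between. Because `super(...)` must be the first statement, the clean fix is a private constructor taking the HttpSession plus a static helper that fetches it once and rejects null with an IllegalStateException, so the id passed to super and the object kept in `httpSession` are the same session. The commit only reflowed the signature here; the class body continues beyond the hunk.
```java
public WebCmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale,
        HttpServletRequest request) {
    this(initialSubject, authorization, locale, requireSession(request));
}

private WebCmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale,
        HttpSession session) {
    super(initialSubject, authorization, locale, session.getId());
    httpSession = session;
}

/** The request's existing HTTP session; a web CMS session cannot exist without one. */
private static HttpSession requireSession(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null)
        throw new IllegalStateException("Request has no HTTP session");
    return session;
}
```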