final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
final static String SHARED_STATE_REMOTE_ADDR = "org.argeo.cms.auth.remote.addr";
final static String SHARED_STATE_REMOTE_PORT = "org.argeo.cms.auth.remote.port";
+ final static String SHARED_STATE_OS_USERNAME = "org.argeo.cms.os.username";
final static String SINGLE_USER_LOCAL_ID = "single-user";
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.CredentialException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
@Override
public boolean login() throws LoginException {
String username = System.getProperty("user.name");
- if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
- sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
+ if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)
+ && !username.equals(sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME)))
+ throw new CredentialException(
+ "OS username already set with " + sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME));
+ if (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME))
+ sharedState.put(CmsAuthUtils.SHARED_STATE_OS_USERNAME, username);
return true;
}
X500Principal principal = new X500Principal(userDn.toString());
authorizationName = principal.getName();
} else {
- Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
+ Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
if (username == null)
throw new LoginException("No username available");
String hostname = CmsContextImpl.getCmsContext().getCmsState().getHostname();
username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
password = null;
preauth = true;
+ } else if (sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {
+ // single user, we assume Kerberos or other mean for commit
+ username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_OS_USERNAME);
+ password = null;
+ preauth = true;
} else {
// ask for username and password
// }
UserAdmin userAdmin = CmsContextImpl.getCmsContext().getUserAdmin();
Authorization authorization;
- if (callbackHandler == null) {// anonymous
+ if (callbackHandler == null && !sharedState.containsKey(CmsAuthUtils.SHARED_STATE_OS_USERNAME)) {// anonymous
authorization = userAdmin.getAuthorization(null);
} else if (bindAuthorization != null) {// bind
authorization = bindAuthorization;