From abdb7ad6f6275a90b407062578892b1f088fa9bd Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Sat, 17 Sep 2022 07:18:44 +0200
Subject: [PATCH] Disable unused keyring
---
 .../cms/jcr/internal/CmsJcrDeployment.java | 35 ++++++--------
 .../argeo/cms/auth/UserAdminLoginModule.java | 46 +++++++++----------
 2 files changed, 37 insertions(+), 44 deletions(-)
diff --git a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/CmsJcrDeployment.java b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/CmsJcrDeployment.java
index ca25ddbdf..35800f895 100644
--- a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/CmsJcrDeployment.java
+++ b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/CmsJcrDeployment.java
@@ -21,7 +21,6 @@ import java.util.Set;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.security.auth.callback.CallbackHandler;
 import javax.servlet.Servlet;
 import org.apache.jackrabbit.commons.cnd.CndImporter;
@@ -35,12 +34,9 @@ import org.argeo.cms.jcr.internal.servlet.CmsRemotingServlet;
 import org.argeo.cms.jcr.internal.servlet.CmsWebDavServlet;
 import org.argeo.cms.jcr.internal.servlet.JcrHttpUtils;
 import org.argeo.cms.osgi.DataModelNamespace;
-import org.argeo.cms.security.CryptoKeyring;
-import org.argeo.cms.security.Keyring;
 import org.argeo.jcr.Jcr;
 import org.argeo.jcr.JcrException;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.util.LangUtils;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
@@ -50,7 +46,6 @@ import org.osgi.framework.ServiceReference;
 import org.osgi.framework.wiring.BundleCapability;
 import org.osgi.framework.wiring.BundleWire;
 import org.osgi.framework.wiring.BundleWiring;
-import org.osgi.service.cm.ManagedService;
 import org.osgi.service.http.whiteboard.HttpWhiteboardConstants;
 import org.osgi.util.tracker.ServiceTracker;
@@ -246,21 +241,21 @@ public class CmsJcrDeployment {
 registerRepositoryServlets(CmsConstants.EGO_REPOSITORY, egoRepository);
 // Keyring only if Argeo extensions are available
- if (argeoDataModelExtensionsAvailable) {
- new ServiceTracker(bc, CallbackHandler.class, null) {
-
- @Override
- public CallbackHandler addingService(ServiceReference reference) {
- NodeKeyRing nodeKeyring = new NodeKeyRing(egoRepository);
- CallbackHandler callbackHandler = bc.getService(reference);
- nodeKeyring.setDefaultCallbackHandler(callbackHandler);
- bc.registerService(LangUtils.names(Keyring.class, CryptoKeyring.class, ManagedService.class),
- nodeKeyring, LangUtils.dict(Constants.SERVICE_PID, CmsConstants.NODE_KEYRING_PID));
- return callbackHandler;
- }
-
- }.open();
- }
+// if (argeoDataModelExtensionsAvailable) {
+// new ServiceTracker(bc, CallbackHandler.class, null) {
+//
+// @Override
+// public CallbackHandler addingService(ServiceReference reference) {
+// NodeKeyRing nodeKeyring = new NodeKeyRing(egoRepository);
+// CallbackHandler callbackHandler = bc.getService(reference);
+// nodeKeyring.setDefaultCallbackHandler(callbackHandler);
+// bc.registerService(LangUtils.names(Keyring.class, CryptoKeyring.class, ManagedService.class),
+// nodeKeyring, LangUtils.dict(Constants.SERVICE_PID, CmsConstants.NODE_KEYRING_PID));
+// return callbackHandler;
+// }
+//
+// }.open();
+// }
 }
 /** Session is logged out. */
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 4c9d09480..dd6575538 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
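Review bot: The keyring registration is disabled by commenting out all fifteen lines instead of deleting them, and the surviving context comment `// Keyring only if Argeo extensions are available` now introduces nothing; the same pattern recurs in the UserAdminLoginModule.java hunk of this patch. Commented-out security plumbing tends to be switched back on later without a fresh review, so I would delete the block and the stale comment and leave one line such as `// NodeKeyRing is no longer registered as Keyring/CryptoKeyring; restore from git history if needed`. With the tracker gone, `argeoDataModelExtensionsAvailable` and the `NodeKeyRing` class may have no remaining users, and any bundle that looks up `Keyring` or `CryptoKeyring` presumably now finds no service, so both are worth checking outside this hunk. The enclosing method starts before the hunk.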
@@ -27,14 +27,12 @@ import javax.security.auth.spi.LoginModule;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.cms.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.argeo.osgi.useradmin.TokenUtils;
 import org.argeo.util.directory.ldap.IpaUtils;
 import org.argeo.util.naming.LdapAttrs;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
-import org.osgi.framework.ServiceReference;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.User;
@@ -248,28 +246,28 @@ public class UserAdminLoginModule implements LoginModule {
 CmsAuthUtils.addAuthorization(subject, authorization);
 // Unlock keyring (underlying login to the JCR repository)
- char[] password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
- if (password != null) {
- ServiceReference keyringSr = bc.getServiceReference(CryptoKeyring.class);
- if (keyringSr != null) {
- CryptoKeyring keyring = bc.getService(keyringSr);
- Subject.doAs(subject, new PrivilegedAction() {
-
- @Override
- public Void run() {
- try {
- keyring.unlock(password);
- } catch (Exception e) {
- e.printStackTrace();
- log.warn("Could not unlock keyring with the password provided by " + authorization.getName()
- + ": " + e.getMessage());
- }
- return null;
- }
-
- });
- }
- }
+// char[] password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
+// if (password != null) {
+// ServiceReference keyringSr = bc.getServiceReference(CryptoKeyring.class);
+// if (keyringSr != null) {
+// CryptoKeyring keyring = bc.getService(keyringSr);
+// Subject.doAs(subject, new PrivilegedAction() {
+//
+// @Override
+// public Void run() {
+// try {
+// keyring.unlock(password);
+// } catch (Exception e) {
+// e.printStackTrace();
+// log.warn("Could not unlock keyring with the password provided by " + authorization.getName()
+// + ": " + e.getMessage());
+// }
+// return null;
+// }
+//
+// });
+// }
+// }
 // Register CmsSession with initial subject
 CmsAuthUtils.registerSessionAuthorization(request, subject, authorization, locale);
--
2.30.2
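Review bot: The context comment `// Unlock keyring (underlying login to the JCR repository)` stays in place although the unlock below it no longer runs, so someone reading this login path can conclude that the password is still handed to a keyring. I would replace it with `// Keyring unlock disabled: the password in sharedState is not read here` or remove it together with the commented-out block. That block was the reader of `CmsAuthUtils.SHARED_STATE_PWD` at this point, so it is worth confirming outside this hunk whether the `char[]` still has to be kept in `sharedState` this long and that it is cleared once login completes. If the code is ever restored, the `e.printStackTrace()` in the catch should not come back with it, since the adjacent `log.warn` already reports the failure. The enclosing method starts and ends outside the hunk.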