1   package org.argeo.cms.auth;
2   
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;

import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.api.NodeConstants;
import org.argeo.api.security.DataAdminPrincipal;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.naming.LdapAttrs;
import org.argeo.osgi.useradmin.IpaUtils;
24  
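/**
 * {@link LoginModule} for a single-user (desktop-style) deployment: it performs
 * no credential check at all. The authenticated user is either the
 * {@link KerberosPrincipal} already present in the subject or, failing that, the
 * JVM's {@code user.name} system property, and that user is unconditionally
 * granted {@link NodeConstants#ROLE_ADMIN} and a {@link DataAdminPrincipal}. It
 * must therefore only appear in login configurations where whoever runs the JVM
 * is meant to be the administrator.
 * <p>
 * Instances are not thread-safe; JAAS creates one per login context.
 */
public class SingleUserLoginModule implements LoginModule {
	private final static Log log = LogFactory.getLog(SingleUserLoginModule.class);

	private Subject subject;
	private Map<String, Object> sharedState = null;

	// Principal instances added by commit(), remembered so that abort() and
	// logout() can remove exactly these instances again.
	private Principal userPrincipal;
	private Principal adminPrincipal;
	private Principal dataAdminPrincipal;

	@SuppressWarnings("unchecked")
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
		// JAAS declares the shared state as Map<String, ?>; login modules
		// conventionally cast it in order to write into it.
		this.sharedState = (Map<String, Object>) sharedState;
	}

	/**
	 * Always succeeds. Publishes the JVM's {@code user.name} under
	 * {@link CmsAuthUtils#SHARED_STATE_NAME} unless an earlier module already
	 * chose a name, so that downstream modules see the same user.
	 *
	 * @return always {@code true}
	 */
	@Override
	public boolean login() throws LoginException {
		String username = System.getProperty("user.name");
		// Never override a name set by another module, and never store a null:
		// commit() reports the missing name with a proper LoginException.
		if (username != null && !sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME))
			sharedState.put(CmsAuthUtils.SHARED_STATE_NAME, username);
		return true;
	}

	/**
	 * Builds the user's {@link X500Principal} and adds it, together with the
	 * implied admin role and the data-admin principal, to the subject.
	 *
	 * @return always {@code true}
	 * @throws LoginException if no user name is available or the resulting DN
	 *                        cannot be parsed
	 */
	@Override
	public boolean commit() throws LoginException {
		X500Principal principal;
		KerberosPrincipal kerberosPrincipal = CmsAuthUtils.getSinglePrincipal(subject, KerberosPrincipal.class);
		if (kerberosPrincipal != null) {
			// A Kerberos identity already in the subject wins over the OS user.
			LdapName userDn = IpaUtils.kerberosToDn(kerberosPrincipal.getName());
			principal = toX500Principal(userDn.toString());
		} else {
			Object username = sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
			if (username == null)
				throw new LoginException("No username available");
			// The base DN is one dc= component per label of the local hostname,
			// e.g. "host.example" -> ",dc=host,dc=example".
			String baseDn = ("." + localHostname()).replaceAll("\\.", ",dc=");
			// Escape the RDN value so that a user name containing DN
			// metacharacters (',' '=' '+' ...) cannot add or alter RDNs.
			principal = toX500Principal(LdapAttrs.uid + "=" + Rdn.escapeValue(username) + baseDn);
		}
		userPrincipal = principal;
		adminPrincipal = new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal);
		dataAdminPrincipal = new DataAdminPrincipal();
		Set<Principal> principals = subject.getPrincipals();
		principals.add(userPrincipal);
		principals.add(adminPrincipal);
		principals.add(dataAdminPrincipal);
		return true;
	}

	/**
	 * Undoes {@link #commit()} when the overall authentication failed.
	 *
	 * @return always {@code true}
	 * @throws LoginException if the subject is read-only
	 */
	@Override
	public boolean abort() throws LoginException {
		removeAddedPrincipals();
		return true;
	}

	/**
	 * Removes the principals this module added, so that the subject no longer
	 * carries the admin role after logout.
	 *
	 * @return always {@code true}
	 * @throws LoginException if the subject is read-only
	 */
	@Override
	public boolean logout() throws LoginException {
		removeAddedPrincipals();
		return true;
	}

	/** Parses a DN string, converting a malformed DN into a {@link LoginException}. */
	private static X500Principal toX500Principal(String dn) throws LoginException {
		try {
			return new X500Principal(dn);
		} catch (IllegalArgumentException e) {
			// LoginException has no cause constructor; keep the cause via initCause.
			LoginException le = new LoginException("Cannot build user DN " + dn);
			le.initCause(e);
			throw le;
		}
	}

	/** Local hostname, falling back to {@code localhost} when it cannot be resolved. */
	private static String localHostname() {
		try {
			return InetAddress.getLocalHost().getHostName();
		} catch (UnknownHostException e) {
			log.warn("Using localhost as hostname", e);
			return "localhost";
		}
	}

	/** Removes exactly the principal instances added by {@link #commit()}, if any. */
	private void removeAddedPrincipals() throws LoginException {
		if (subject == null || (userPrincipal == null && adminPrincipal == null && dataAdminPrincipal == null))
			return;
		if (subject.isReadOnly())
			throw new LoginException("Subject is read-only, cannot remove principals");
		Set<Principal> principals = subject.getPrincipals();
		if (userPrincipal != null)
			principals.remove(userPrincipal);
		if (adminPrincipal != null)
			principals.remove(adminPrincipal);
		if (dataAdminPrincipal != null)
			principals.remove(dataAdminPrincipal);
		userPrincipal = null;
		adminPrincipal = null;
		dataAdminPrincipal = null;
	}

}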