1 package org.argeo.cms.auth;
2
3 import java.security.Principal;
4 import java.util.Set;
5
6 import javax.naming.InvalidNameException;
7 import javax.naming.ldap.LdapName;
8 import javax.security.auth.Subject;
9 import javax.security.auth.x500.X500Principal;
10
11 //import org.apache.jackrabbit.core.security.AnonymousPrincipal;
12 //import org.apache.jackrabbit.core.security.SecurityConstants;
13 //import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
14 import org.argeo.cms.CmsException;
15 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
16 import org.argeo.node.security.AnonymousPrincipal;
17 import org.argeo.node.security.NodeSecurityUtils;
18 import org.osgi.service.useradmin.Authorization;
19
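/**
 * Static helpers that populate a JAAS {@link Subject} from an OSGi UserAdmin
 * {@link Authorization} and remove the principals again.
 */
class CmsAuthUtils {

    /**
     * Adds the user principal and the implied role principals described by
     * {@code authorization} to {@code subject}, and stores the authorization
     * itself as a private credential.
     * <p>
     * All names are parsed and checked before the subject is modified, so an
     * invalid user or role name leaves the subject without a partial set of
     * principals.
     *
     * @param subject
     *            the subject to populate, must not be {@code null}
     * @param authorization
     *            the authorization to translate; a {@code null}
     *            {@link Authorization#getName()} is treated as the anonymous
     *            user
     * @throws CmsException
     *             if the user name or a role name is not a valid LDAP name
     */
    static void addAuthentication(Subject subject, Authorization authorization) {
        // NOTE(review): assertions are only evaluated when the JVM runs with -ea;
        // without it a null argument surfaces as a NullPointerException below.
        assert subject != null;
        assert authorization != null;

        try {
            String authName = authorization.getName();

            // determine user's principal
            final LdapName name;
            final Principal userPrincipal;
            final Principal userRolePrincipal;
            if (authName == null) {
                name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
                userPrincipal = new AnonymousPrincipal();
                // the anonymous user does not get the generic user role
                userRolePrincipal = null;
            } else {
                name = new LdapName(authName);
                // presumably rejects reserved names; behaviour is defined in
                // NodeSecurityUtils, confirm there
                NodeSecurityUtils.checkUserName(name);
                userPrincipal = new X500Principal(name.toString());
                userRolePrincipal = new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal);
            }

            // Authorization.getRoles() is specified to return null when the
            // context holds no roles, so it must not be iterated blindly.
            String[] roles = authorization.getRoles();
            int roleCount = roles == null ? 0 : roles.length;
            Principal[] rolePrincipals = new Principal[roleCount];
            int impliedCount = 0;
            for (int i = 0; i < roleCount; i++) {
                LdapName roleName = new LdapName(roles[i]);
                if (roleName.equals(name)) {
                    // the user's own name is not a role
                    continue;
                }
                NodeSecurityUtils.checkImpliedPrincipalName(roleName);
                rolePrincipals[impliedCount++] = new ImpliedByPrincipal(roleName.toString(), userPrincipal);
            }

            // Every name has been parsed and checked: only now touch the subject,
            // so that a rejected name cannot leave it half authenticated.

            // required for display name:
            subject.getPrivateCredentials().add(authorization);

            Set<Principal> principals = subject.getPrincipals();
            principals.add(userPrincipal);
            if (userRolePrincipal != null) {
                principals.add(userRolePrincipal);
            }
            // Add roles provided by authorization
            for (int i = 0; i < impliedCount; i++) {
                principals.add(rolePrincipals[i]);
            }
        } catch (InvalidNameException e) {
            throw new CmsException("Cannot commit", e);
        }
    }

    /**
     * Removes every {@link X500Principal} and {@link ImpliedByPrincipal} from
     * {@code subject}.
     *
     * @param subject
     *            the subject to clear
     */
    static void cleanUp(Subject subject) {
        // NOTE(review): addAuthentication also adds an AnonymousPrincipal (for
        // anonymous users) and the Authorization as a private credential; neither
        // is removed here. Confirm that another component clears them, otherwise
        // they outlive this clean-up.
        subject.getPrincipals().removeAll(subject.getPrincipals(X500Principal.class));
        subject.getPrincipals().removeAll(subject.getPrincipals(ImpliedByPrincipal.class));
    }

    /** Utility class, not meant to be instantiated. */
    private CmsAuthUtils() {
    }
}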