1 package org
.argeo
.cms
.auth
;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

//import org.apache.jackrabbit.core.security.AnonymousPrincipal;
//import org.apache.jackrabbit.core.security.SecurityConstants;
//import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.argeo.cms.CmsException;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.node.security.AnonymousPrincipal;
import org.argeo.node.security.DataAdminPrincipal;
import org.argeo.node.security.NodeSecurityUtils;
import org.osgi.service.useradmin.Authorization;
/**
 * Shared-state key under which the {@link Authorization} is published; the
 * value is the one defined by {@code org.osgi.service.http.HttpContext}.
 */
static final String SHARED_STATE_AUTHORIZATION = "org.osgi.service.useradmin.authorization";
/**
 * Shared-state key for the login name, as used by
 * {@code com.sun.security.auth.module.*LoginModule}.
 */
static final String SHARED_STATE_NAME = "javax.security.auth.login.name";
/**
 * Shared-state key for the password, as used by
 * {@code com.sun.security.auth.module.*LoginModule}.
 * NOTE(review): whatever is stored under this key is a credential; code
 * reading it should not log it or keep it longer than the login needs it.
 */
static final String SHARED_STATE_PWD = "javax.security.auth.login.password";
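/**
 * Populates {@code subject} from an {@link Authorization}: the user principal
 * (anonymous or X.500), one {@link ImpliedByPrincipal} per role and, in the
 * private credentials, the authorization itself (still needed for the display
 * name).
 *
 * <p>All names are validated before the subject is modified, so a rejected user
 * or role name leaves the subject exactly as it was and a later login attempt
 * is not refused by {@link #checkSubjectEmpty(Subject)} because of a
 * half-populated subject.
 *
 * @param subject       the subject being authenticated; must not already carry
 *                      an anonymous, X.500, data-admin or implied principal
 * @param authorization the user-admin authorization; a {@code null} name means
 *                      the anonymous user, a {@code null} role array means no
 *                      roles
 * @throws NullPointerException  if either argument is {@code null} (this used
 *                               to be an {@code assert}, which is disabled
 *                               unless the JVM runs with {@code -ea})
 * @throws IllegalStateException if the subject is already authenticated
 * @throws CmsException          if the user name or a role name is not a valid
 *                               LDAP name
 */
static void addAuthentication(Subject subject, Authorization authorization) {
    // Explicit checks rather than assert: an auth entry point must fail on
    // null input in production, not only when assertions are enabled.
    if (subject == null) {
        throw new NullPointerException("subject");
    }
    if (authorization == null) {
        throw new NullPointerException("authorization");
    }
    checkSubjectEmpty(subject);

    // Principals are collected here first; the subject is only touched once
    // every name has been accepted.
    List<Principal> toAdd = new ArrayList<Principal>();
    try {
        String authName = authorization.getName();

        // determine user's principal
        final LdapName name;
        final Principal userPrincipal;
        if (authName == null) {
            name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
            userPrincipal = new AnonymousPrincipal();
            toAdd.add(userPrincipal);
        } else {
            name = new LdapName(authName);
            NodeSecurityUtils.checkUserName(name);
            userPrincipal = new X500Principal(name.toString());
            toAdd.add(userPrincipal);
            toAdd.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
        }

        // Add roles provided by authorization. The OSGi UserAdmin contract
        // specifies that getRoles() returns null, not an empty array, when
        // the authorization implies no roles.
        String[] roles = authorization.getRoles();
        if (roles != null) {
            for (String role : roles) {
                LdapName roleName = new LdapName(role);
                if (roleName.equals(name)) {
                    // the user's own name is not a role
                    continue;
                }
                NodeSecurityUtils.checkImpliedPrincipalName(roleName);
                toAdd.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
            }
        }
    } catch (InvalidNameException e) {
        throw new CmsException("Cannot commit", e);
    }

    // required for display name:
    subject.getPrivateCredentials().add(authorization);
    subject.getPrincipals().addAll(toAdd);
}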
/**
 * Rejects a subject that already carries an identity or an authorisation, so
 * that a login cannot silently stack a second identity on top of the first.
 *
 * @param subject the subject about to be authenticated
 * @throws IllegalStateException if the subject already holds an anonymous,
 *                               X.500, data-admin or implied principal
 *                               (checked in that order)
 */
private static void checkSubjectEmpty(Subject subject) {
    rejectIfPresent(subject, AnonymousPrincipal.class, "Already logged in as anonymous: ");
    rejectIfPresent(subject, X500Principal.class, "Already logged in as user: ");
    rejectIfPresent(subject, DataAdminPrincipal.class, "Already logged in as data admin: ");
    rejectIfPresent(subject, ImpliedByPrincipal.class, "Already authorized: ");
}

/**
 * Throws if {@code subject} holds at least one principal of {@code type}.
 *
 * @param subject the subject to inspect
 * @param type    the principal type that must be absent
 * @param prefix  message prefix; the subject is appended to it
 * @throws IllegalStateException if such a principal is present
 */
private static void rejectIfPresent(Subject subject, Class<? extends Principal> type, String prefix) {
    if (subject.getPrincipals(type).isEmpty()) {
        return;
    }
    throw new IllegalStateException(prefix + subject);
}
/**
 * Removes from {@code subject} the principals that a user login attaches to
 * it: the X.500 user principal and every implied role principal. The
 * commented-out lines below show that anonymous and admin principals are left
 * in place on purpose.
 *
 * <p>NOTE(review): the {@link Authorization} that addAuthentication stores in
 * the private credentials is not removed here; confirm that the caller clears
 * it, otherwise it outlives the principals it was issued with.
 *
 * @param subject the subject being logged out
 */
static void cleanUp(Subject subject) {
    Set<Principal> principals = subject.getPrincipals();
    Set<X500Principal> users = subject.getPrincipals(X500Principal.class);
    principals.removeAll(users);
    Set<ImpliedByPrincipal> implied = subject.getPrincipals(ImpliedByPrincipal.class);
    principals.removeAll(implied);
    // subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
    // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
}
97 // compatible with com.sun.security.auth.module.*LoginModule
98 // public static final String SHARED_STATE_USERNAME =
99 // "javax.security.auth.login.name";
100 // public static final String SHARED_STATE_PASSWORD =
101 // "javax.security.auth.login.password";
103 private CmsAuthUtils() {