1 package org
.argeo
.cms
.auth
;
5 import javax
.security
.auth
.Subject
;
6 import javax
.security
.auth
.callback
.CallbackHandler
;
7 import javax
.security
.auth
.login
.LoginException
;
8 import javax
.security
.auth
.spi
.LoginModule
;
10 import org
.osgi
.service
.useradmin
.Authorization
;
12 public class NodeUserLoginModule
implements LoginModule
, AuthConstants
{
// The Subject handed over by the LoginContext in initialize(); commit() passes it to
// CmsAuthUtils.addAuthentication and logout() clears its private credentials.
private Subject subject;
// The JAAS shared-state map, widened from Map<String, ?> in initialize(). commit()
// reads the SHARED_STATE_AUTHORIZATION entry from it, so whatever the other modules of
// the same login configuration store there is trusted as-is: the JAAS configuration,
// not the caller, is the trust boundary. The explicit null initializer is redundant
// (reference fields default to null).
private Map<String, Object> sharedState = null;
16 // private final static LdapName ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
17 // private final static List<LdapName> RESERVED_ROLES;
18 // private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
21 // // ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);
22 // ROLE_ADMIN_NAME = new LdapName(NodeConstants.ROLE_ADMIN);
23 // ROLE_USER_NAME = new LdapName(NodeConstants.ROLE_USER);
24 // ROLE_ANONYMOUS_NAME = new LdapName(NodeConstants.ROLE_ANONYMOUS);
25 // RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_ADMIN_NAME,
26 // ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
27 // new LdapName(NodeConstants.ROLE_USER_ADMIN) }));
28 // ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(ROLE_ANONYMOUS_NAME.toString());
29 // } catch (InvalidNameException e) {
30 // throw new Error("Cannot initialize login module class", e);
34 // private Authorization authorization;
/**
 * JAAS initialization phase: retains the {@link Subject} to populate and the
 * shared-state map through which the {@code Authorization} expected by
 * {@link #commit()} is handed over.
 *
 * @param subject         the subject being authenticated
 * @param callbackHandler not retained by this module
 * @param sharedState     state shared between the modules of one login configuration
 * @param options         module options; not read here
 */
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
        Map<String, ?> options) {
    // The JAAS SPI types the shared state as Map<String, ?>; keep a Map<String, Object>
    // view so commit() can look entries up by key. The cast is unchecked by design.
    Map<String, Object> state = (Map<String, Object>) sharedState;
    this.sharedState = state;
    this.subject = subject;
}
/**
 * JAAS login phase. As shown here the module verifies no credential of its own: the
 * earlier lookup of an {@code Authorization} among the subject's private credentials is
 * commented out, and the presence of an authorization is instead enforced in
 * {@link #commit()} from the shared state. NOTE(review): this module therefore only
 * makes sense stacked after a module that actually authenticates and fills in
 * SHARED_STATE_AUTHORIZATION — confirm against the login configuration.
 */
public boolean login() throws LoginException {
    // if (authorization == null)
    // throw new FailedLoginException("No authorization available");
    // Iterator<Authorization> auth = subject.getPrivateCredentials(
    // Authorization.class).iterator();
    // if (!auth.hasNext())
    // throw new FailedLoginException("No authorization available");
    // authorization = auth.next();
/**
 * JAAS commit phase: promotes the {@code Authorization} found in the shared state under
 * {@code SHARED_STATE_AUTHORIZATION} into the subject via
 * {@code CmsAuthUtils.addAuthentication}.
 *
 * @throws LoginException if the shared state holds no authorization, presumably because
 *         no preceding module of the login configuration established one
 */
public boolean commit() throws LoginException {
    // The value is trusted as-is: only modules of the same JAAS configuration can write to
    // the shared state. Note the cast is unchecked in the sense that an entry of another
    // type would surface as a ClassCastException rather than a LoginException.
    Authorization authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);
    if (authorization == null)
        throw new LoginException("Authorization should not be null");
    CmsAuthUtils.addAuthentication(subject, authorization);
    // // required for display name:
    // subject.getPrivateCredentials().add(authorization);
    // Set<Principal> principals = subject.getPrincipals();
    // String authName = authorization.getName();
    // // determine user's principal
    // final LdapName name;
    // final Principal userPrincipal;
    // if (authName == null) {
    // name = ROLE_ANONYMOUS_NAME;
    // userPrincipal = ROLE_ANONYMOUS_PRINCIPAL;
    // principals.add(userPrincipal);
    // principals.add(new AnonymousPrincipal());
    // name = new LdapName(authName);
    // checkUserName(name);
    // userPrincipal = new X500Principal(name.toString());
    // principals.add(userPrincipal);
    // principals.add(new ImpliedByPrincipal(ROLE_USER_NAME,
    // // Add roles provided by authorization
    // for (String role : authorization.getRoles()) {
    // LdapName roleName = new LdapName(role);
    // if (roleName.equals(name)) {
    // checkImpliedPrincipalName(roleName);
    // principals.add(new ImpliedByPrincipal(roleName.toString(),
    // if (roleName.equals(ROLE_ADMIN_NAME))
    // principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
    // } catch (InvalidNameException e) {
    // throw new CmsException("Cannot commit", e);
/**
 * JAAS abort phase, invoked by the LoginContext when the overall authentication fails
 * after this module's {@link #login()} returned.
 */
public boolean abort() throws LoginException {
/**
 * JAAS logout phase: removes what was added to the subject at login.
 *
 * @throws LoginException if the subject is null
 */
public boolean logout() throws LoginException {
    throw new LoginException("Subject should not be null");
    // Clean up principals
    CmsAuthUtils.cleanUp(subject);
    // Clean up private credentials
    // NOTE(review): this clears every private credential on the subject, not only what
    // this module's commit() contributed; confirm no other module in the stack expects its
    // credentials to survive this module's logout.
    subject.getPrivateCredentials().clear();
// Per-login reset hook. Its single visible statement (clearing the former
// `authorization` field, itself commented out at class level) is disabled, so as shown
// this reads as a no-op; its callers are not visible here.
private void cleanUp() {
    // authorization = null;
130 // private void checkUserName(LdapName name) {
131 // if (RESERVED_ROLES.contains(name))
132 // throw new CmsException(name + " is a reserved name");
135 // private void checkImpliedPrincipalName(LdapName roleName) {
136 // if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
137 // throw new CmsException(roleName + " cannot be listed as role");