1 package org
.argeo
.security
.jackrabbit
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.CallbackHandler
;
8 import javax
.security
.auth
.login
.LoginException
;
9 import javax
.security
.auth
.spi
.LoginModule
;
10 import javax
.security
.auth
.x500
.X500Principal
;
12 import org
.apache
.jackrabbit
.core
.security
.AnonymousPrincipal
;
13 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
14 import org
.apache
.jackrabbit
.core
.security
.principal
.AdminPrincipal
;
15 import org
.argeo
.api
.security
.DataAdminPrincipal
;
17 public class SystemJackrabbitLoginModule
implements LoginModule
{
18 private Subject subject
;
/**
 * Stores the subject that the later phases of this module read and modify.
 *
 * <p>In the lines visible in this listing only {@code subject} is kept; the
 * callback handler, shared state and options are not stored.
 *
 * @param subject         the subject whose principals commit() and logout() change
 * @param callbackHandler not used in the visible code
 * @param sharedState     not used in the visible code
 * @param options         not used in the visible code
 */
public void initialize(
        Subject subject,
        CallbackHandler callbackHandler,
        Map<String, ?> sharedState,
        Map<String, ?> options) {
    this.subject = subject;
}
/**
 * JAAS login phase of this module (the class implements LoginModule).
 * The body is not visible in this listing.
 *
 * NOTE(review): commit() rejects a subject that has no X500Principal with
 * "Subject must be pre-authenticated", so this module presumably performs no
 * credential check of its own and depends on an earlier module having
 * authenticated the subject. Confirm that the login configuration always
 * runs an authenticating module before this one.
 */
27 public boolean login() throws LoginException
{
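/**
 * Translates the Argeo principals already present on the subject into the
 * Jackrabbit principals ({@code org.apache.jackrabbit.core.security}).
 *
 * <p>The subject must carry exactly one {@link X500Principal}. That check now
 * runs before any principal is added, so a subject that is rejected is never
 * left holding a Jackrabbit {@code AdminPrincipal} or
 * {@code AnonymousPrincipal}. The outcome for an accepted subject is
 * unchanged.
 *
 * <p>Trust boundary: admin rights in Jackrabbit are granted purely because a
 * {@code DataAdminPrincipal} is present. This module does not verify how that
 * principal got onto the subject; it relies on whatever populated the subject
 * earlier in the JAAS stack.
 *
 * @return {@code true} on success. NOTE(review): the return statement is not
 *         visible in this listing; {@code true} is what the LoginModule
 *         contract specifies for a successful commit. Confirm against the file.
 * @throws LoginException if the subject has no X500Principal or more than one
 */
public boolean commit() throws LoginException {
    // Validate the identity first: nothing below may run for a subject that
    // was not authenticated by an earlier module.
    Set<X500Principal> userPrincipal = subject.getPrincipals(X500Principal.class);
    if (userPrincipal.isEmpty()) {
        throw new LoginException("Subject must be pre-authenticated");
    }
    if (userPrincipal.size() > 1) {
        throw new LoginException("Multiple user principals " + userPrincipal);
    }

    // Argeo anonymous -> Jackrabbit anonymous.
    Set<org.argeo.api.security.AnonymousPrincipal> anonPrincipal =
            subject.getPrincipals(org.argeo.api.security.AnonymousPrincipal.class);
    if (!anonPrincipal.isEmpty()) {
        subject.getPrincipals().add(new AnonymousPrincipal());
    }

    // Argeo data admin -> Jackrabbit admin (SecurityConstants.ADMIN_ID).
    Set<DataAdminPrincipal> initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
    if (!initPrincipal.isEmpty()) {
        subject.getPrincipals().add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
    }

    return true;
}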
/**
 * JAAS abort phase, which the login context invokes when the overall
 * authentication fails. The body is not visible in this listing.
 *
 * NOTE(review): commit() adds Jackrabbit AnonymousPrincipal / AdminPrincipal
 * to the subject. Confirm that abort() removes any such principal when the
 * overall login fails, the way logout() does, so a failed login cannot leave
 * an AdminPrincipal on the subject.
 */
55 public boolean abort() throws LoginException
{
60 public boolean logout() throws LoginException
{
61 subject
.getPrincipals().removeAll(subject
.getPrincipals(AnonymousPrincipal
.class));
62 subject
.getPrincipals().removeAll(subject
.getPrincipals(AdminPrincipal
.class));