1 package org.argeo.security.jackrabbit;
2
3 import java.util.Map;
4 import java.util.Set;
5
6 import javax.security.auth.Subject;
7 import javax.security.auth.callback.CallbackHandler;
8 import javax.security.auth.login.LoginException;
9 import javax.security.auth.spi.LoginModule;
10 import javax.security.auth.x500.X500Principal;
11
12 import org.apache.jackrabbit.core.security.SecurityConstants;
13 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
14 import org.argeo.node.DataAdminPrincipal;
15
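/**
 * JAAS login module that maps an already populated {@link Subject} onto
 * Jackrabbit's principals.
 * <p>
 * This module performs no authentication of its own: {@link #login()} always
 * succeeds and {@link #commit()} only inspects the principals that are
 * already on the subject. It must therefore be stacked after a module that
 * actually authenticates the caller.
 * <p>
 * Security note: any subject carrying a {@link DataAdminPrincipal} is granted
 * the Jackrabbit {@link AdminPrincipal}. The safety of that mapping depends on
 * who is able to place a {@code DataAdminPrincipal} on a subject, which is
 * decided outside this class.
 */
public class SystemJackrabbitLoginModule implements LoginModule {

    /** Subject supplied by the login context in {@link #initialize}. */
    private Subject subject;

    /**
     * Stores the subject; the callback handler, shared state and options are
     * not used by this module.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    /**
     * Always succeeds; all checks are deferred to {@link #commit()}.
     *
     * @return {@code true}
     */
    @Override
    public boolean login() throws LoginException {
        return true;
    }

    /**
     * Grants the Jackrabbit admin principal to data-admin subjects, and
     * otherwise requires exactly one {@link X500Principal} on the subject.
     *
     * @return {@code true} when the subject is accepted
     * @throws LoginException
     *             if the subject carries no {@code X500Principal}, or more
     *             than one
     */
    @Override
    public boolean commit() throws LoginException {
        Set<DataAdminPrincipal> initPrincipal = subject
                .getPrincipals(DataAdminPrincipal.class);
        if (!initPrincipal.isEmpty()) {
            // Privilege mapping: a data admin becomes the Jackrabbit admin.
            subject.getPrincipals().add(
                    new AdminPrincipal(SecurityConstants.ADMIN_ID));
            return true;
        }

        Set<X500Principal> userPrincipal = subject
                .getPrincipals(X500Principal.class);
        if (userPrincipal.isEmpty()) {
            throw new LoginException("Subject must be pre-authenticated");
        }
        if (userPrincipal.size() > 1) {
            throw new LoginException("Multiple user principals "
                    + userPrincipal);
        }

        return true;
    }

    /**
     * Nothing to roll back: {@link #login()} keeps no state.
     *
     * @return {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        return true;
    }

    /**
     * Removes the Jackrabbit admin principal that {@link #commit()} added for
     * a data-admin subject, so the privilege does not outlive the session.
     * <p>
     * The previous implementation only read the {@link AdminPrincipal} set
     * and discarded it, leaving the admin principal on the subject after
     * logout.
     *
     * @return {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        Set<DataAdminPrincipal> initPrincipal = subject
                .getPrincipals(DataAdminPrincipal.class);
        if (!initPrincipal.isEmpty()) {
            // getPrincipals(Class) returns a detached copy, so it is safe to
            // pass it to removeAll() on the live principal set.
            // NOTE(review): this relies on the DataAdminPrincipal still being
            // present; confirm the module that removes it logs out after
            // this one.
            subject.getPrincipals().removeAll(
                    subject.getPrincipals(AdminPrincipal.class));
        }
        return true;
    }
}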