Rename node roles
1 package org.argeo.security.jackrabbit;
2
3 import java.security.Principal;
4 import java.util.Map;
5 import java.util.Set;
6
7 import javax.security.auth.Subject;
8 import javax.security.auth.callback.CallbackHandler;
9 import javax.security.auth.login.LoginException;
10 import javax.security.auth.spi.LoginModule;
11
12 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
13 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
14
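/**
 * JAAS login module that maps already-established node roles to the special
 * Jackrabbit principals ({@link AdminPrincipal}, {@link AnonymousPrincipal}).
 *
 * <p>
 * Security note: this module performs no authentication of its own.
 * {@link #login()} always succeeds, and {@link #commit()} grants the
 * Jackrabbit admin principal to any subject that carries no principal at all
 * (treated as the "system" subject). It is therefore only safe in a login
 * configuration where the subject reaching this module is either the trusted
 * system subject or has been authenticated by a preceding module.
 * NOTE(review): confirm that every JAAS configuration referencing this class
 * puts a REQUIRED/REQUISITE authenticating module in front of it for
 * non-system logins.
 * </p>
 */
public class SystemJackrabbitLoginModule implements LoginModule {

    /** Role name that is mapped to the Jackrabbit admin principal. */
    private static final String ROLE_ADMIN = "cn=admin,ou=roles,ou=node";

    /** Role name that is mapped to the Jackrabbit anonymous principal. */
    private static final String ROLE_ANONYMOUS = "cn=anonymous,ou=roles,ou=node";

    /** Name given to the {@link AdminPrincipal} added by this module. */
    private static final String JACKRABBIT_ADMIN_NAME = "admin";

    private Subject subject;

    /**
     * Stores the subject to decorate. The callback handler, shared state and
     * options are not used by this module.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    /**
     * Always succeeds: no credential is checked here (see the class-level
     * security note).
     *
     * @return {@code true}
     */
    @Override
    public boolean login() throws LoginException {
        return true;
    }

    /**
     * Adds the Jackrabbit principals matching the roles found on the subject.
     *
     * <ul>
     * <li>A subject without any principal is considered to be the system and
     * receives an {@link AdminPrincipal}.</li>
     * <li>A subject holding the admin role receives an
     * {@link AdminPrincipal}.</li>
     * <li>A subject holding the anonymous role receives an
     * {@link AnonymousPrincipal}.</li>
     * </ul>
     *
     * @return {@code true}
     * @throws LoginException
     *             if the module was not initialized with a subject, or if the
     *             subject holds both the admin and the anonymous role
     */
    @Override
    public boolean commit() throws LoginException {
        if (subject == null)
            throw new LoginException("Login module was not initialized with a subject");

        Set<Principal> principals = subject.getPrincipals();
        if (principals.isEmpty()) {
            // System login: an empty subject is promoted to Jackrabbit admin.
            // This is the most privileged path of the module and relies
            // entirely on the login configuration to keep unauthenticated
            // callers away from it.
            principals.add(new AdminPrincipal(JACKRABBIT_ADMIN_NAME));
            return true;
        }

        boolean isAdmin = false;
        boolean isAnonymous = false;
        // FIXME make it more generic
        // The match is on the principal name only, whatever the Principal
        // implementation is, and is a plain case-insensitive string
        // comparison (no DN normalization).
        // NOTE(review): any module earlier in the stack that can put an
        // arbitrary name on the subject can thereby obtain admin; confirm
        // that only the directory-backed module produces these names.
        for (Principal principal : principals) {
            String name = principal.getName();
            if (name == null)
                continue; // a nameless principal cannot match a role
            if (ROLE_ADMIN.equalsIgnoreCase(name))
                isAdmin = true;
            else if (ROLE_ANONYMOUS.equalsIgnoreCase(name))
                isAnonymous = true;
        }

        if (isAnonymous && isAdmin)
            throw new LoginException("Cannot be admin and anonymous");

        // Add special Jackrabbit roles
        if (isAdmin)
            principals.add(new AdminPrincipal(JACKRABBIT_ADMIN_NAME));
        if (isAnonymous)
            principals.add(new AnonymousPrincipal());
        return true;
    }

    /**
     * Removes the Jackrabbit principals from the subject, so that a privileged
     * principal added by {@link #commit()} does not stay on a subject whose
     * overall login failed.
     *
     * @return {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        removeJackrabbitPrincipals();
        return true;
    }

    /**
     * Removes the Jackrabbit principals (admin and anonymous) from the
     * subject.
     *
     * @return {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        removeJackrabbitPrincipals();
        return true;
    }

    /**
     * Removes every {@link AdminPrincipal} and {@link AnonymousPrincipal} from
     * the subject; does nothing if the module was never initialized.
     */
    private void removeJackrabbitPrincipals() {
        if (subject == null)
            return;
        Set<Principal> principals = subject.getPrincipals();
        principals.removeAll(subject.getPrincipals(AdminPrincipal.class));
        // commit() may also add an AnonymousPrincipal; it must be cleaned up
        // as well, otherwise it stays on the subject after logout.
        principals.removeAll(subject.getPrincipals(AnonymousPrincipal.class));
    }

}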