1 package org
.argeo
.security
.jackrabbit
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.CallbackHandler
;
8 import javax
.security
.auth
.login
.LoginException
;
9 import javax
.security
.auth
.spi
.LoginModule
;
10 import javax
.security
.auth
.x500
.X500Principal
;
12 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
13 import org
.apache
.jackrabbit
.core
.security
.principal
.AdminPrincipal
;
14 import org
.argeo
.security
.SystemAuth
;
16 public class SystemJackrabbitLoginModule
implements LoginModule
{
18 private Subject subject
;
/**
 * Stores the {@link Subject} handed over by the JAAS login context so that
 * commit() and logout() can inspect its principals later.
 *
 * @param subject the subject being authenticated; kept in a field
 * @param callbackHandler not used in the visible lines
 * @param sharedState not used in the visible lines
 * @param options not used in the visible lines
 */
21 public void initialize(Subject subject
, CallbackHandler callbackHandler
,
22 Map
<String
, ?
> sharedState
, Map
<String
, ?
> options
) {
23 this.subject
= subject
;
/**
 * JAAS phase-1 hook.
 *
 * NOTE(review): the method body is missing from this listing. commit() rejects
 * a Subject that is not already "pre-authenticated", so presumably no credential
 * is checked here either -- confirm against the full file.
 */
27 public boolean login() throws LoginException
{
/**
 * JAAS commit phase: inspects principals that are already on the Subject and,
 * for system subjects, adds the Jackrabbit admin principal.
 *
 * Visible behaviour:
 * - if the Subject carries at least one SystemAuth principal, an
 *   AdminPrincipal(SecurityConstants.ADMIN_ID) is added to it;
 * - the X500Principal set is then read: an empty set or a set with more than
 *   one entry raises a LoginException.
 *
 * NOTE(review): several source lines are missing from this listing (return
 * statements, closing braces, the end of the "Multiple user principals"
 * message). Whether the SystemAuth branch returns before the X500Principal
 * checks cannot be determined from what is shown.
 *
 * @throws LoginException if no X500Principal, or more than one, is present
 */
32 public boolean commit() throws LoginException
{
33 Set
<SystemAuth
> initPrincipal
= subject
34 .getPrincipals(SystemAuth
.class);
// Security-relevant: no credential is verified in this method. The mere
// presence of a SystemAuth principal is what grants the Jackrabbit admin
// identity, so the guarantee rests on whatever code is able to place a
// SystemAuth on a Subject before this module runs -- TODO confirm that only
// the trusted system login path can do so.
35 if (!initPrincipal
.isEmpty()) {
36 subject
.getPrincipals().add(
37 new AdminPrincipal(SecurityConstants
.ADMIN_ID
));
// Regular users: an X500Principal is expected to have been set by an earlier
// authentication step; this module only checks that exactly one is present.
41 Set
<X500Principal
> userPrincipal
= subject
42 .getPrincipals(X500Principal
.class);
43 if (userPrincipal
.isEmpty())
44 throw new LoginException("Subject must be pre-authenticated");
45 if (userPrincipal
.size() > 1)
46 throw new LoginException("Multiple user principals "
// Disabled earlier approach, not executed: it derived the admin / anonymous
// Jackrabbit principals by comparing principal names with fixed role DNs.
51 // Set<Principal> principals = subject.getPrincipals();
52 // if (principals.isEmpty()) {// system
53 // throw new LoginException("Subject must be pre-authenticated");
54 // // subject.getPrincipals().add(new AdminPrincipal("admin"));
57 // boolean isAdmin = false;
58 // boolean isAnonymous = false;
59 // // FIXME make it more generic
60 // for (Principal principal : principals) {
61 // if (principal.getName().equalsIgnoreCase(
62 // "cn=admin,ou=roles,ou=node"))
64 // else if (principal.getName().equalsIgnoreCase(
65 // "cn=anonymous,ou=roles,ou=node"))
66 // isAnonymous = true;
69 // if (isAnonymous && isAdmin)
70 // throw new LoginException("Cannot be admin and anonymous");
72 // // Add special Jackrabbit roles
74 // principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
75 // if (isAnonymous)// anonymous
76 // principals.add(new AnonymousPrincipal());
/**
 * JAAS abort hook, called when the overall login fails.
 *
 * NOTE(review): the method body is missing from this listing. If commit() can
 * already have added an AdminPrincipal when abort() runs, it should be removed
 * here -- confirm against the full file.
 */
81 public boolean abort() throws LoginException
{
/**
 * JAAS logout hook.
 *
 * Visible behaviour: reads the SystemAuth principals of the Subject and, when
 * there is at least one, calls subject.getPrincipals(AdminPrincipal.class)
 * without using the result.
 *
 * NOTE(review): lines after the visible statements (return values, closing
 * braces) are missing from this listing.
 */
86 public boolean logout() throws LoginException
{
87 Set
<SystemAuth
> initPrincipal
= subject
88 .getPrincipals(SystemAuth
.class);
89 if (!initPrincipal
.isEmpty()) {
// NOTE(review): Subject.getPrincipals(Class) returns a new Set that is not
// backed by the Subject, and the result is discarded here, so this statement
// removes nothing. As shown, the AdminPrincipal added in commit() stays on
// the Subject after logout; a Subject that is reused would keep the admin
// identity. The removeAll(...) form commented out below is what would
// actually drop it -- confirm against the full file and restore the removal.
90 subject
.getPrincipals(AdminPrincipal
.class);
93 // subject.getPrincipals().removeAll(
94 // subject.getPrincipals(AdminPrincipal.class));