+ subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
+
+ subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(CmsSessionId.class));
+ subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(Authorization.class));
+ // Jackrabbit
+ // subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
+ // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
+ }
+
+ @SuppressWarnings("unused")
+ synchronized static void registerSessionAuthorization(RemoteAuthRequest request, Subject subject,
+ Authorization authorization, Locale locale) {
+ // synchronized in order to avoid multiple registrations
+ // TODO move it to a service in order to avoid static synchronization
+ if (request != null) {
+ RemoteAuthSession httpSession = request.getSession();
+ String httpSessId = httpSession != null ? httpSession.getId() : null;
+ boolean anonymous = authorization.getName() == null;
+ String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
+ request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);
+ request.setAttribute(RemoteAuthRequest.AUTHORIZATION, authorization);
+
+ CmsSessionImpl cmsSession;
+ CmsSessionImpl currentLocalSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(httpSessId);
+ if (currentLocalSession != null) {
+ boolean currentLocalSessionAnonymous = currentLocalSession.isAnonymous();
+ if (!anonymous) {
+ if (currentLocalSessionAnonymous) {
+ currentLocalSession.close();
+ // new CMS session
+ UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID();
+ cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
+ CmsContextImpl.getCmsContext().registerCmsSession(cmsSession);
+ } else if (!authorization.getName().equals(currentLocalSession.getAuthorization().getName())) {
+ throw new IllegalStateException("Inconsistent user " + authorization.getName()
+ + " for existing CMS session " + currentLocalSession);
+ } else {
+ // keep current session
+ cmsSession = currentLocalSession;
+ // credentials
+ // TODO control it more??
+ subject.getPrivateCredentials().addAll(cmsSession.getSubject().getPrivateCredentials());
+ subject.getPublicCredentials().addAll(cmsSession.getSubject().getPublicCredentials());
+ }
+ } else {// anonymous
+ if (!currentLocalSessionAnonymous) {
+ currentLocalSession.close();
+ throw new IllegalStateException(
+ "Existing CMS session " + currentLocalSession + " was not logged out properly.");
+ }
+ // keep current session
+ cmsSession = currentLocalSession;
+ }
+ } else {
+ // new CMS session
+ UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID();
+ cmsSession = new RemoteCmsSessionImpl(cmsSessionUuid, subject, authorization, locale, request);
+ CmsContextImpl.getCmsContext().registerCmsSession(cmsSession);
+ }
+
+ if (cmsSession == null)// should be dead code (cf. SuppressWarning of the method)
+ throw new IllegalStateException("CMS session cannot be null");
+
+ CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+ if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0) {
+ subject.getPrivateCredentials().add(nodeSessionId);
+ } else {
+ UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
+ if (!storedSessionId.equals(nodeSessionId.getUuid()))
+ throw new IllegalStateException(
+ "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+ }
+ request.setAttribute(CmsSession.class.getName(), cmsSession);
+ } else {
+ CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByLocalId(SINGLE_USER_LOCAL_ID);
+ if (cmsSession == null) {
+ UUID cmsSessionUuid = CmsContextImpl.getCmsContext().getUuidFactory().timeUUID();
+ cmsSession = new CmsSessionImpl(cmsSessionUuid, subject, authorization, locale, SINGLE_USER_LOCAL_ID);
+ CmsContextImpl.getCmsContext().registerCmsSession(cmsSession);
+ }
+ CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+ subject.getPrivateCredentials().add(nodeSessionId);
+ }
+ }
+
+// public static CmsSessionImpl cmsSessionFromHttpSession(BundleContext bc, String httpSessionId) {
+// Authorization authorization = null;
+// Collection<ServiceReference<CmsSession>> sr;
+// try {
+// sr = bc.getServiceReferences(CmsSession.class,
+// "(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")");
+// } catch (InvalidSyntaxException e) {
+// throw new IllegalArgumentException("Cannot get CMS session for id " + httpSessionId, e);
+// }
+// CmsSessionImpl cmsSession;
+// if (sr.size() == 1) {
+// cmsSession = (CmsSessionImpl) bc.getService(sr.iterator().next());
+//// locale = cmsSession.getLocale();
+// authorization = cmsSession.getAuthorization();
+// if (authorization.getName() == null)
+// return null;// anonymous is not sufficient
+// } else if (sr.size() == 0)
+// return null;
+// else
+// throw new IllegalStateException(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
+// return cmsSession;
+// }
+
+ public static <T extends Principal> T getSinglePrincipal(Subject subject, Class<T> clss) {
+ Set<T> principals = subject.getPrincipals(clss);
+ if (principals.isEmpty())
+ return null;
+ if (principals.size() > 1)
+ throw new IllegalStateException("Only one " + clss + " principal expected in " + subject);
+ return principals.iterator().next();
+ }
+
+ private static void checkUserName(String name) throws IllegalArgumentException {
+ if (RESERVED_ROLES.contains(name))
+ throw new IllegalArgumentException(name + " is a reserved name");