import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.osgi.service.useradmin.Authorization;
-public class NodeUserLoginModule implements LoginModule {
+public class NodeUserLoginModule implements LoginModule, AuthConstants {
private Subject subject;
+ private Map<String, Object> sharedState = null;
- private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
- ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
+ private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
private final static List<LdapName> RESERVED_ROLES;
private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
static {
ROLE_ADMIN_NAME = new LdapName(AuthConstants.ROLE_ADMIN);
ROLE_USER_NAME = new LdapName(AuthConstants.ROLE_USER);
ROLE_ANONYMOUS_NAME = new LdapName(AuthConstants.ROLE_ANONYMOUS);
- RESERVED_ROLES = Collections.unmodifiableList(Arrays
- .asList(new LdapName[] { ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
- ROLE_ANONYMOUS_NAME, ROLE_USER_NAME,
- new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
- new LdapName(AuthConstants.ROLE_USER_ADMIN) }));
- ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(
- ROLE_ANONYMOUS_NAME.toString());
+ RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_KERNEL_NAME,
+ ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
+ new LdapName(AuthConstants.ROLE_USER_ADMIN) }));
+ ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(ROLE_ANONYMOUS_NAME.toString());
} catch (InvalidNameException e) {
throw new Error("Cannot initialize login module class", e);
}
private Authorization authorization;
+ @SuppressWarnings("unchecked")
@Override
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String, ?> sharedState, Map<String, ?> options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+ Map<String, ?> options) {
this.subject = subject;
+ this.sharedState = (Map<String, Object>) sharedState;
}
@Override
public boolean login() throws LoginException {
- Iterator<Authorization> auth = subject.getPrivateCredentials(
- Authorization.class).iterator();
- if (!auth.hasNext())
+ authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);
+ if (authorization == null)
throw new FailedLoginException("No authorization available");
- authorization = auth.next();
+ // Iterator<Authorization> auth = subject.getPrivateCredentials(
+ // Authorization.class).iterator();
+ // if (!auth.hasNext())
+ // throw new FailedLoginException("No authorization available");
+ // authorization = auth.next();
return true;
}
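Review bot: The cast in `authorization = (Authorization) sharedState.get(SHARED_STATE_AUTHORIZATION);` is unchecked, so a value of another type stored under that key fails with a ClassCastException instead of the FailedLoginException the next line intends, and `sharedState` is still the null default from its field declaration if initialize() has not run first. A type test keeps the failure on the JAAS error path: `Object o = sharedState == null ? null : sharedState.get(SHARED_STATE_AUTHORIZATION);` / `if (!(o instanceof Authorization)) throw new FailedLoginException("No authorization available");` / `authorization = (Authorization) o;`. The old private-credential lookup left as five comment lines after the throw should be deleted rather than carried along. Since login() now accepts whatever an earlier module in the same login configuration placed in shared state, a one-line comment such as `// Authorization is expected to have been put into the JAAS shared state by a preceding login module` would make that trust boundary visible to the next reader; the presumed related cleanup in abort()/logout() is outside this view.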
public boolean commit() throws LoginException {
if (authorization == null)
throw new LoginException("Authorization should not be null");
+ // required for display name:
+ subject.getPrivateCredentials().add(authorization);
+
Set<Principal> principals = subject.getPrincipals();
try {
String authName = authorization.getName();
checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
- principals.add(new ImpliedByPrincipal(ROLE_USER_NAME,
- userPrincipal));
+ principals.add(new ImpliedByPrincipal(ROLE_USER_NAME, userPrincipal));
}
// Add roles provided by authorization
// skip
} else {
checkImpliedPrincipalName(roleName);
- principals.add(new ImpliedByPrincipal(roleName.toString(),
- userPrincipal));
+ principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
if (roleName.equals(ROLE_ADMIN_NAME))
- principals.add(new AdminPrincipal(
- SecurityConstants.ADMIN_ID));
+ principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
}
}
if (subject == null)
throw new LoginException("Subject should not be null");
// Argeo
- subject.getPrincipals().removeAll(
- subject.getPrincipals(X500Principal.class));
- subject.getPrincipals().removeAll(
- subject.getPrincipals(ImpliedByPrincipal.class));
+ subject.getPrincipals().removeAll(subject.getPrincipals(X500Principal.class));
+ subject.getPrincipals().removeAll(subject.getPrincipals(ImpliedByPrincipal.class));
// Jackrabbit
- subject.getPrincipals().removeAll(
- subject.getPrincipals(AdminPrincipal.class));
- subject.getPrincipals().removeAll(
- subject.getPrincipals(AnonymousPrincipal.class));
+ subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
+ subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
cleanUp();
return true;
}
}
private void checkImpliedPrincipalName(LdapName roleName) {
- if (ROLE_USER_NAME.equals(roleName)
- || ROLE_ANONYMOUS_NAME.equals(roleName)
+ if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName)
|| ROLE_KERNEL_NAME.equals(roleName))
throw new CmsException(roleName + " cannot be listed as role");
}