]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Introduce custom Jackrabbit access control provider
[lgpl/argeo-commons.git] / org.argeo.security.jackrabbit / src / org / argeo / security / jackrabbit / ArgeoLoginModule.java
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index a80f2668228acf6bc3a34ab525e282f2e8e0c309..2ff913dd2b07fdcb502ed89ccb86066900c40853 100644 (file)
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -24,7 +24,6 @@ import java.util.Set;
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 
@@ -41,49 +40,16 @@ import org.springframework.security.core.context.SecurityContextHolder;
 public class ArgeoLoginModule extends AbstractLoginModule {
        private String adminRole = "ROLE_ADMIN";
 
-       @SuppressWarnings("unused")
-       @Override
-       public boolean login() throws LoginException {
-               boolean loginOk = super.login();
-               if (!loginOk) {
-                       org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) SecurityContextHolder
-                                       .getContext().getAuthentication();
-               }
-               return loginOk;
-       }
-
-       @SuppressWarnings("unused")
-       @Override
-       public boolean commit() throws LoginException {
-               boolean commitOk = super.commit();
-               if (!commitOk) {
-                       org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) SecurityContextHolder
-                                       .getContext().getAuthentication();
-               }
-               return commitOk;
-       }
-
        /**
         * Returns the Spring {@link org.springframework.security.Authentication}
         * (which can be null)
         */
        @Override
        protected Principal getPrincipal(Credentials credentials) {
-               org.springframework.security.core.Authentication authen = SecurityContextHolder
-                               .getContext().getAuthentication();
-               return authen;
+               return SecurityContextHolder.getContext().getAuthentication();
        }
 
        protected Set<Principal> getPrincipals() {
-               // clear already registered Jackrabbit principals
-               // clearPrincipals(AdminPrincipal.class);
-               // clearPrincipals(AnonymousPrincipal.class);
-               // clearPrincipals(GrantedAuthorityPrincipal.class);
-
-               return syncPrincipals();
-       }
-
-       protected Set<Principal> syncPrincipals() {
                // use linked HashSet instead of HashSet in order to maintain the order
                // of principals (as in the Subject).
                org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) principal;
@@ -93,12 +59,13 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 
                if (authen instanceof SystemAuthentication) {
                        principals.add(new AdminPrincipal(authen.getName()));
-                       principals.add(new ArgeoSystemPrincipal(authen.getName()));
+                       // principals.add(new ArgeoSystemPrincipal(authen.getName()));
                } else if (authen instanceof AnonymousAuthenticationToken) {
                        principals.add(new AnonymousPrincipal());
                } else {
                        for (GrantedAuthority ga : authen.getAuthorities()) {
-                               principals.add(new GrantedAuthorityPrincipal(ga));
+                               if (ga instanceof Principal)
+                                       principals.add((Principal) ga);
                                // FIXME: make it more generic
                                if (adminRole.equals(ga.getAuthority()))
                                        principals.add(new AdminPrincipal(authen.getName()));
@@ -106,13 +73,10 @@ public class ArgeoLoginModule extends AbstractLoginModule {
                }
 
                // remove previous credentials
-               Set<SimpleCredentials> thisCredentials = subject
-                               .getPublicCredentials(SimpleCredentials.class);
-               if (thisCredentials != null)
-                       thisCredentials.clear();
-               // override credentials since we did not used the one passed to us
-               // credentials = new SimpleCredentials(authen.getName(), authen
-               // .getCredentials().toString().toCharArray());
+               // Set<SimpleCredentials> thisCredentials = subject
+               // .getPublicCredentials(SimpleCredentials.class);
+               // if (thisCredentials != null)
+               // thisCredentials.clear();
 
                return principals;
        }
@@ -122,26 +86,29 @@ public class ArgeoLoginModule extends AbstractLoginModule {
         * {@link org.springframework.security.Authentication} as well. Here we
         * simply clear Jackrabbit related {@link Principal}s.
         */
-       @Override
-       public boolean logout() throws LoginException {
-               clearPrincipals(AdminPrincipal.class);
-               clearPrincipals(ArgeoSystemPrincipal.class);
-               clearPrincipals(AnonymousPrincipal.class);
-               clearPrincipals(GrantedAuthorityPrincipal.class);
-
-               // we resync with Spring Security since the subject may have been reused
-               // in beetween
-               // TODO: check if this is clean
-               // subject.getPrincipals().addAll(syncPrincipals());
-
-               return true;
-       }
-
-       private <T extends Principal> void clearPrincipals(Class<T> clss) {
-               Set<T> principals = subject.getPrincipals(clss);
-               if (principals != null)
-                       principals.clear();
-       }
+       // @Override
+       // public boolean logout() throws LoginException {
+       // Set<Principal> principals = subject.getPrincipals();
+       // for (Principal principal : subject.getPrincipals()) {
+       // if ((principal instanceof AdminPrincipal)
+       // || (principal instanceof ArgeoSystemPrincipal)
+       // || (principal instanceof AnonymousPrincipal)
+       // || (principal instanceof GrantedAuthority)) {
+       // principals.remove(principal);
+       // }
+       // }
+       // // clearPrincipals(AdminPrincipal.class);
+       // // clearPrincipals(ArgeoSystemPrincipal.class);
+       // // clearPrincipals(AnonymousPrincipal.class);
+       // // clearPrincipals(GrantedAuthority.class);
+       // return true;
+       // }
+
+       // private <T extends Principal> void clearPrincipals(Class<T> clss) {
+       // Set<T> principals = subject.getPrincipals(clss);
+       // if (principals != null)
+       // principals.clear();
+       // }
 
        @SuppressWarnings("rawtypes")
        @Override
Argeo Commons - Lightweight integration framework in pure Java/OSGi