]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
Improve and simplify OSGi Boot
[lgpl/argeo-commons.git] / org.argeo.security.jackrabbit / src / org / argeo / security / jackrabbit / SystemJackrabbitLoginModule.java
index 9977938eccb4029dc6ec683a4e1796a4e0370452..62f8fa02b1d23860011f456253e84b54cabadc9a 100644 (file)
@@ -11,15 +11,15 @@ import javax.security.auth.x500.X500Principal;
 
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.security.SystemAuth;
+import org.argeo.node.DataAdminPrincipal;
 
 public class SystemJackrabbitLoginModule implements LoginModule {
 
        private Subject subject;
 
        @Override
-       public void initialize(Subject subject, CallbackHandler callbackHandler,
-                       Map<String, ?> sharedState, Map<String, ?> options) {
+       public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+                       Map<String, ?> options) {
                this.subject = subject;
        }
 
@@ -30,51 +30,19 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 
        @Override
        public boolean commit() throws LoginException {
-               Set<SystemAuth> initPrincipal = subject
-                               .getPrincipals(SystemAuth.class);
+               Set<DataAdminPrincipal> initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
                if (!initPrincipal.isEmpty()) {
-                       subject.getPrincipals().add(
-                                       new AdminPrincipal(SecurityConstants.ADMIN_ID));
+                       subject.getPrincipals().add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
                        return true;
                }
 
-               Set<X500Principal> userPrincipal = subject
-                               .getPrincipals(X500Principal.class);
+               Set<X500Principal> userPrincipal = subject.getPrincipals(X500Principal.class);
                if (userPrincipal.isEmpty())
                        throw new LoginException("Subject must be pre-authenticated");
                if (userPrincipal.size() > 1)
-                       throw new LoginException("Multiple user principals "
-                                       + userPrincipal);
+                       throw new LoginException("Multiple user principals " + userPrincipal);
 
                return true;
-
-               // Set<Principal> principals = subject.getPrincipals();
-               // if (principals.isEmpty()) {// system
-               // throw new LoginException("Subject must be pre-authenticated");
-               // // subject.getPrincipals().add(new AdminPrincipal("admin"));
-               // // return true;
-               // }
-               // boolean isAdmin = false;
-               // boolean isAnonymous = false;
-               // // FIXME make it more generic
-               // for (Principal principal : principals) {
-               // if (principal.getName().equalsIgnoreCase(
-               // "cn=admin,ou=roles,ou=node"))
-               // isAdmin = true;
-               // else if (principal.getName().equalsIgnoreCase(
-               // "cn=anonymous,ou=roles,ou=node"))
-               // isAnonymous = true;
-               // }
-               //
-               // if (isAnonymous && isAdmin)
-               // throw new LoginException("Cannot be admin and anonymous");
-               //
-               // // Add special Jackrabbit roles
-               // if (isAdmin)
-               // principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
-               // if (isAnonymous)// anonymous
-               // principals.add(new AnonymousPrincipal());
-               // return true;
        }
 
        @Override
@@ -84,14 +52,11 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 
        @Override
        public boolean logout() throws LoginException {
-               Set<SystemAuth> initPrincipal = subject
-                               .getPrincipals(SystemAuth.class);
+               Set<DataAdminPrincipal> initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
                if (!initPrincipal.isEmpty()) {
                        subject.getPrincipals(AdminPrincipal.class);
                        return true;
                }
-               // subject.getPrincipals().removeAll(
-               // subject.getPrincipals(AdminPrincipal.class));
                return true;
        }
 }